Trojaner-Board (https://www.trojaner-board.de/) – Log-Analyse und Auswertung
Thread: Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. (https://www.trojaner-board.de/97210-trojan-hiloti-gen-appcrash-svchost-exe-google-redirects-staendige-angriffe-etc.html)

zelluloid 06.04.2011 18:22

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc.

(I don't know much about this, so please bear with me, I'm doing my best)

For a few days I've had several problems on my Windows Vista partition:

Norton keeps reporting attacks (Tidserv Activity: System Infected). It's always the same IPs, apparently Russian ones. Windows Update doesn't work. Google redirects me quite often. I keep getting the message 'Windows service has stopped working', Appcrash, svchost.exe. Sometimes the design of my taskbar changes and then looks like the one from XP; the 'Windows service has stopped working' window also has the XP design.

Here is my Malwarebytes logfile
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

##########
mbam-log-2011-04-06 (11-05-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150130
Laufzeit: 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.

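Added note, not part of the thread: both Malwarebytes logs in this thread share one plain-text format, and the detail worth pulling out of the first one is the "Delete on reboot" on the Winlogon\Shell value, which is why the machine has to be restarted before a follow-up scan can be trusted. The helper below is my own code (not the thread's, not Malwarebytes'): it parses that format, cross-checks the summary counts against the detail lines, flags items that are only scheduled for removal, and extracts the Bad/Good pairs from the "Dateiobjekte" lines. It assumes the German section headings of the logs posted here; the sample log is a constructed excerpt with the same findings as the first log above.

```python
"""Parser for Malwarebytes' Anti-Malware 1.50 log files as posted in this thread.
Added helper, not part of the thread or of Malwarebytes. Section headings are
matched in German because the posted logs come from a German-locale install."""
import re
from dataclasses import dataclass

# Constructed sample: same shape and findings as the first log in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150130

Infizierte Speicherprozesse: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>Infizierte [^:]+):$")              # "Infizierte Dateien:"
DECLARED_RE = re.compile(r"^(?P<name>Infizierte [^:]+): (?P<n>\d+)$")  # "Infizierte Dateien: 2"
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<detail>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")


@dataclass
class Finding:
    section: str        # detail section the line was found in
    obj: str            # registry path or file path
    family: str         # detection name, e.g. Trojan.Hiloti.Gen
    detail: str         # everything after the first "->"
    action: str         # last "->" element: what MBAM did with it
    pending_reboot: bool


def parse_mbam_log(text):
    """Walk the detail sections and collect one Finding per detection line."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # a detail heading, not a summary count
            section = m.group("name")
            continue
        if section is None or line.startswith("(Keine"):
            continue                            # header block or "nothing found" marker
        m = FINDING_RE.match(line)
        if not m:
            continue
        detail = m.group("detail")
        action = detail.split(" -> ")[-1]
        findings.append(Finding(section, m.group("obj"), m.group("family"), detail,
                                action, action.startswith("Delete on reboot")))
    return findings


def count_by_section(findings):
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


def counts_match_summary(text):
    """Cross-check the summary block at the top against the detail lines present."""
    declared = {m.group("name"): int(m.group("n"))
                for m in (DECLARED_RE.match(ln.strip()) for ln in text.splitlines()) if m}
    parsed = count_by_section(parse_mbam_log(text))
    return all(parsed.get(name, 0) == n for name, n in declared.items())


def pending_reboot(findings):
    """Items MBAM could only schedule: the box is not clean until it has restarted."""
    return [f for f in findings if f.pending_reboot]


def hijacked_values(findings):
    """(bad, good) pairs from 'Dateiobjekte' lines, e.g. the replaced Winlogon Shell value."""
    pairs = []
    for f in findings:
        m = BAD_GOOD_RE.search(f.detail)
        if m:
            pairs.append((m.group("bad"), m.group("good")))
    return pairs


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("summary consistent:", counts_match_summary(SAMPLE_LOG))
    for f in found:
        print(f"{f.family:20} {f.action:40} {f.obj}")
    for f in pending_reboot(found):
        print("reboot required before rescan:", f.obj)
    for bad, good in hijacked_values(found):
        print("hijacked:", bad, "-> expected:", good)
```

Run on the first log in the thread it reports one pending-reboot item (the Winlogon Shell value) and the injected shell.exe path under AppData; run on the second log it returns no findings, which is the state the follow-up full scan should show.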

cosinus 06.04.2011 19:57

Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If you have logs from older Malwarebytes scans, please post all of those too!

Then OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

zelluloid 07.04.2011 14:01

Thanks a lot for the quick reply. I already tried to post once, but apparently it didn't work.

Here is the Malwarebytes logfile after updating and a full scan:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6290

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

07.04.2011 00:04
mbam-log-2011-04-07 (00-04-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 277464
Laufzeit: 1 Stunde(n), 14 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:
Code:

OTL logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS
 
Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\ASOEHOOK.DLL (Symantec Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCR90.dll (Microsoft Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCP90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110405.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.01.13 19:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.01.07 04:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 14:17:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.06 14:17:16 | 000,000,000 | ---D | M]
 
[2011.04.06 14:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.06 14:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.04.06 14:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.01.07 04:05:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011.01.13 19:48:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.03.20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.06 13:02:04 | 000,432,311 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 14882 more lines...
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.06 17:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.06 17:22:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.06 15:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.04.06 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Mozilla
[2011.04.06 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.06 14:03:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.04.06 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.04.06 13:59:45 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QTCF.dll
[2011.04.06 13:59:45 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.04.06 13:59:45 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011.04.06 13:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.06 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Malwarebytes
[2011.04.06 10:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.06 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.02 16:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011.03.31 15:55:43 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\System32\advdaudio.ocx
[2011.03.31 15:55:43 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2011.03.31 15:55:43 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2011.03.31 15:55:43 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2011.03.31 15:55:43 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2011.03.31 15:55:43 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2011.03.31 15:55:42 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2011.03.31 15:55:42 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2011.03.31 15:55:42 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2011.03.31 15:55:42 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2011.03.31 15:55:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2011.03.31 15:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\concept design
[2011.03.29 10:11:26 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Local\DDMSettings
[2011.03.27 21:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.03.27 21:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.03.26 14:36:27 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\EAC
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2011.03.26 11:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2011.03.24 23:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey's Audio
[2011.03.24 23:12:25 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\Windows\System32\MACDll.dll
[2011.03.24 23:12:25 | 000,246,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2011.03.24 23:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Monkey's Audio
[2011.03.24 15:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011.03.24 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.03.24 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011.03.24 14:42:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Winamp
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011.03.09 13:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.07 14:15:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.07 14:14:01 | 2137,432,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 02:46:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.07 02:37:39 | 000,644,854 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.07 02:37:39 | 000,613,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.07 02:37:39 | 000,117,716 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.07 02:37:39 | 000,104,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.07 00:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.06 17:22:48 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | M] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.06 14:02:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:00:56 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | M] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.06 13:02:04 | 000,432,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.05 21:35:36 | 406,186,373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.03 00:52:18 | 000,007,102 | ---- | M] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.04.02 16:14:14 | 000,433,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.02 15:46:44 | 000,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011.04.02 15:46:07 | 000,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011.04.02 13:38:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011.04.02 13:38:24 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011.03.30 18:06:14 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.03.26 14:36:20 | 000,000,873 | ---- | M] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.25 16:24:53 | 000,012,288 | ---- | M] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.23 15:20:58 | 000,031,027 | ---- | M] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | M] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:03 | 001,369,134 | ---- | M] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.06 17:22:48 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 15:06:20 | 000,001,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | C] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:00:56 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | C] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.05 23:22:14 | 2137,432,064 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.03 00:50:28 | 000,007,102 | ---- | C] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.03.31 15:55:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.03.31 15:55:43 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.03.31 15:55:42 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.03.26 14:36:19 | 000,000,873 | ---- | C] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.23 15:20:56 | 000,031,027 | ---- | C] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | C] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:02 | 001,369,134 | ---- | C] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[2010.12.31 19:36:00 | 000,001,378 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2010.12.31 19:35:43 | 000,002,180 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
[2010.12.31 19:33:45 | 000,002,605 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Wavpack Codec.dat
[2010.11.16 22:47:39 | 000,012,288 | ---- | C] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.04 13:03:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.01 20:20:34 | 000,179,200 | ---- | C] () -- C:\Windows\System32\Un_PLUSr.dll
[2009.08.12 14:53:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.12 14:13:03 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009.08.12 14:12:03 | 000,000,319 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.07.10 19:26:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.06 11:03:06 | 000,000,760 | ---- | C] () -- C:\Users\Zaphod\AppData\Roaming\setup_ldm.iss
[2009.05.09 17:49:35 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI
[2008.07.12 21:28:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.05.30 13:48:34 | 000,010,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dMC Power Pack.dat
[2008.05.30 13:37:54 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008.02.21 11:39:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.02.21 11:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.02.18 09:22:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.02.18 09:22:19 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008.02.05 18:38:49 | 000,000,850 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat
[2008.02.05 18:38:44 | 000,000,789 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4.dat
[2008.02.05 18:29:31 | 000,130,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.01.31 16:40:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007.12.10 14:49:41 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.11 10:52:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007.09.29 21:30:39 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007.09.29 21:30:39 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007.09.29 21:30:39 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007.09.29 21:21:53 | 000,038,674 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2007.09.27 20:48:18 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.09.27 20:47:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.09.05 17:56:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.05 17:56:32 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.09.05 17:56:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007.07.11 13:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2007.02.02 11:56:54 | 000,644,854 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.02.02 11:56:54 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.02.02 11:56:54 | 000,117,716 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.02.02 11:56:54 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.12.01 18:34:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,433,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:36:36 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006.11.02 12:33:01 | 000,613,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,768 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Registry:
Code:

OTL Extras logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS
 
Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
VistaSp1 = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
DisableNotifications = 0
EnableFirewall = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{275F5956-D7ED-4822-ACB6-4B629B3577A9} = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) |
{60A9F5A4-28C8-474B-A813-74A8A98F3B52} = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{207784FF-D210-49BD-8E48-5AEA2D7F76D3} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe |
{2BC45063-1145-44EA-9CD3-8407E812538A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{392E73D7-5E15-4540-AF1D-9368E33E21C5} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe |
{4DEE3944-E82D-4F45-AB13-883446C35C27} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe |
{4E3A8426-C85C-4682-A9FE-FAA1238F3206} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe |
{914603C7-F9A7-4014-B60D-F9D708CBD455} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{DFC8FC5F-41EE-46D3-885A-F922882853D6} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{27302830-F8FA-408D-9136-67855E575A57}C:\program files\google\google earth\client\googleearth.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
TCP Query User{64BFDC2F-794A-46BB-A254-51765551D2AE}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
TCP Query User{6C42D564-CFED-4F85-B0E0-FCF87A7EF106}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
TCP Query User{7C1F5E4E-8AC3-411C-A970-857226E08F06}D:\mirandaportable\app\miranda\miranda32.exe = protocol=6 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe |
TCP Query User{9F7ABBD7-6A20-4EA6-A4CD-728919EF5168}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
TCP Query User{CEAAB43F-BF08-456A-B512-0891BC571FCF}C:\program files\diablo ii\game.exe = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
TCP Query User{EE2DDEA0-2D95-49DA-BB15-5A7ED1343E12}C:\program files\google\google earth\plugin\geplugin.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
TCP Query User{F7AA8D78-2DB0-4B95-A897-A8E4EDBF747D}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{06144DC5-5AE5-48D5-A5B3-4020E5030BCE}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
UDP Query User{0BF4EA33-4EED-402C-A93F-114B74607A6D}C:\program files\google\google earth\plugin\geplugin.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
UDP Query User{1BF43519-4D83-48EF-8790-A4ABD284887B}C:\program files\diablo ii\game.exe = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
UDP Query User{77BA60A8-AAD3-4988-BDCF-81E90CB13BF4}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
UDP Query User{9EF770DF-4FB1-41DF-B3EB-3D9C77DE3EC6}C:\program files\google\google earth\client\googleearth.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
UDP Query User{BBBDA0F5-68FE-4E34-AFDD-D0489369CBE7}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{DE55D95C-9DC4-4744-AD1D-B57C6060E3A3}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{E02D339B-F031-451B-A799-5398751C26AD}D:\mirandaportable\app\miranda\miranda32.exe = protocol=17 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{052FDD78-A6EA-3187-8386-C82F4CA3A929} = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
{0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
{23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD} = Neverwinter Nights
{25569723-DC5A-4467-A639-79535BF01B71} = Adobe Help Center 2.1
{26A24AE4-039D-4CA4-87B4-2F83216024FF} = Java(TM) 6 Update 24
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
{4286E640-B5FB-11DF-AC4B-005056C00008} = Google Earth
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{55D8440D-6577-46DC-9571-8E5E3046AC11} = X-TENSIONS EM_USB Device Utilities
{5EE7D259-D137-4438-9A5F-42F432EC0421} = VC80CRTRedist - 8.0.50727.4053
{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} = Activation Assistant for the 2007 Microsoft Office suites
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin
{716E0306-8318-4364-8B8F-0CC4E9376BAC} = MSXML 4.0 SP2 Parser and SDK
{7655E113-C306-11D9-A373-0050BAE317E1} = MCE Software Encoder 1.1
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0409-0000-0000000FF1CE} = Microsoft Office Access MUI (English) 2007
{90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0409-0000-0000000FF1CE} = Microsoft Office Excel MUI (English) 2007
{90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0409-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (English) 2007
{90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0409-0000-0000000FF1CE} = Microsoft Office Publisher MUI (English) 2007
{90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0409-0000-0000000FF1CE} = Microsoft Office Outlook MUI (English) 2007
{90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0409-0000-0000000FF1CE} = Microsoft Office Word MUI (English) 2007
{90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0C0A-0000-0000000FF1CE} = Microsoft Office Proof (Spanish) 2007
{90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
{90120000-002C-0409-0000-0000000FF1CE} = Microsoft Office Proofing (English) 2007
{90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0409-0000-0000000FF1CE} = Microsoft Office Shared MUI (English) 2007
{90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-00B2-0407-0000-0000000FF1CE} = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
{90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0115-0409-0000-0000000FF1CE} = Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE} = Microsoft Office Access Setup Metadata MUI (English) 2007
{91120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{91120000-0031-0000-0000-0000000FF1CE} = Microsoft Office Professional Hybrid 2007
{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A49F249F-0C91-497F-86DF-B2585E8E76B7} = Microsoft Visual C++ 2005 Redistributable
{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} = Adobe Photoshop Elements 5.0
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{AC76BA86-7AD7-1031-7B44-A81300000003} = Adobe Reader 8.1.3 - Deutsch
{AC76BA86-7AD7-5464-3428-800000000003} = Spelling Dictionaries Support For Adobe Reader 8
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1
{D0846526-66DD-4DC9-A02C-98F9A2806812} = Launch Manager V1.4.6
{D34D82E0-4600-407B-9478-8506C1DD1031} = Nero 7 Essentials
{DC24971E-1946-445D-8A82-CE685433FA7D} = Realtek USB 2.0 Card Reader
{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4} = LG USB Modem Drivers
{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82} = OLYMPUS Master 2
{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
Activation Assistant for the 2007 Microsoft Office suites = Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 5 = Adobe Photoshop Elements 5.0
Adobe Shockwave Player = Adobe Shockwave Player 11.5
Amazon MP3-Downloader = Amazon MP3-Downloader 1.0.9
CNXT_AUDIO_HDA = Conexant HD Audio
dBASE PLUS series1 Runtime Engine = dBASE PLUS Runtime Engine
dBpowerAMP Music Converter = dBpowerAMP Music Converter
dBpowerAMP Wavpack Codec = dBpowerAMP Wavpack Codec
dBpowerAMP WMA V9 Codec = dBpowerAMP WMA V9 Codec
dBpowerAMP WMA V9.1 Codec = dBpowerAMP WMA V9.1 Codec
Diablo II = Diablo II
DivX Setup.divx.com = DivX-Setup
dMC Power Pack = dMC Power Pack
EAX Unified = EAX Unified
ENTERPRISER = Microsoft Office Enterprise 2007
Exact Audio Copy = Exact Audio Copy 1.0beta1
HDMI = Intel(R) Graphics Media Accelerator Driver
HyperMedia_is1 = HyperMedia Software
HyperMediaCenter 3.6_is1 = HyperMediaCenter 3.6
Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - deu = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1
Monkey's Audio_is1 = Monkey's Audio
Mozilla Firefox (3.6.16) = Mozilla Firefox (3.6.16)
NIS = Norton Internet Security
Ogg Vorbis aoTuV b4 = Ogg Vorbis aoTuV b4
Ogg Vorbis aoTuV b4 SSE2 = Ogg Vorbis aoTuV b4 SSE2
PROHYBRIDR = 2007 Microsoft Office system
QuicktimeAlt_is1 = QuickTime Alternative 3.2.2
RealPlayer 6.0 = RealPlayer
SynTPDeinstKey = Synaptics Pointing Device Driver
Ulead Photo Express 2.0 SE = Ulead Photo Express 2.0 SE
Veetle TV = Veetle TV 0.9.18
VLC media player = VideoLAN VLC media player 0.8.6c
vShare = vShare Plugin
Winamp = Winamp
WinRAR archiver = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Winamp Detect = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:52:58 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x41c, Anwendungsstartzeit
 01cbf4aa898b77e2.
 
Error - 06.04.2011 20:24:17 | Computer Name = Zaphod-Lab | Source = WerSvc | ID = 5007
Description =
 
Error - 06.04.2011 20:30:41 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00040026,  Prozess-ID 0x414, Anwendungsstartzeit
 01cbf4b920c701ad.
 
[ System Events ]
Error - 06.04.2011 16:47:15 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.04.2011 17:47:04 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description =
 
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.04.2011 19:01:29 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description =
 
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.04.2011 20:33:41 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7032
Description =
 
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

Hope I did everything right.

cosinus 07.04.2011 14:41

Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

zelluloid 07.04.2011 19:55

Yes, there are 2 more Malwarebytes logfiles; they were created between the logfile from my 1st post and the logfile from my 2nd post. But like the first one, they were only quick scans.

Malwarebytes logfile:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06.04.2011 11:16
mbam-log-2011-04-06 (11-16-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150077
Laufzeit: 5 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes logfile:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6287

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06.04.2011 17:30
mbam-log-2011-04-06 (17-30-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144921
Laufzeit: 4 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Regards

cosinus 07.04.2011 19:57

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

zelluloid 07.04.2011 20:21

Said and done.
OTL:
Code:

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
File D:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Zaphod
->Temp folder emptied: 17489889 bytes
->Java cache emptied: 10643 bytes
->FireFox cache emptied: 97425173 bytes
->Flash cache emptied: 1393 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 820529 bytes
%systemroot%\System32 .tmp files removed: 556616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 430930 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 111,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_211243

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards,
Stephi

cosinus 08.04.2011 04:48

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

zelluloid 08.04.2011 09:29

Hello Arne,

here is the rootkit log:

Code:

2011/04/08 10:10:33.0416 3260        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 10:10:33.0447 3260        ================================================================================
2011/04/08 10:10:33.0447 3260        SystemInfo:
2011/04/08 10:10:33.0447 3260       
2011/04/08 10:10:33.0447 3260        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 10:10:33.0447 3260        Product type: Workstation
2011/04/08 10:10:33.0447 3260        ComputerName: ZAPHOD-LAB
2011/04/08 10:10:33.0447 3260        UserName: Zaphod
2011/04/08 10:10:33.0447 3260        Windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260        System windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260        Processor architecture: Intel x86
2011/04/08 10:10:33.0447 3260        Number of processors: 2
2011/04/08 10:10:33.0447 3260        Page size: 0x1000
2011/04/08 10:10:33.0447 3260        Boot type: Normal boot
2011/04/08 10:10:33.0447 3260        ================================================================================
2011/04/08 10:10:35.0241 3260        Initialize success
2011/04/08 10:10:48.0174 0792        ================================================================================
2011/04/08 10:10:48.0174 0792        Scan started
2011/04/08 10:10:48.0174 0792        Mode: Manual;
2011/04/08 10:10:48.0174 0792        ================================================================================
2011/04/08 10:10:49.0344 0792        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 10:10:49.0422 0792        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 10:10:49.0453 0792        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 10:10:49.0500 0792        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 10:10:49.0531 0792        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 10:10:49.0625 0792        AF15BDA        (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 10:10:49.0671 0792        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 10:10:49.0718 0792        agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 10:10:49.0765 0792        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 10:10:49.0796 0792        aliide          (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 10:10:49.0827 0792        amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 10:10:49.0859 0792        amdide          (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 10:10:49.0890 0792        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 10:10:49.0921 0792        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 10:10:49.0983 0792        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 10:10:50.0030 0792        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 10:10:50.0061 0792        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 10:10:50.0108 0792        atapi          (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 10:10:50.0155 0792        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 10:10:50.0233 0792        b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 10:10:50.0295 0792        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 10:10:50.0514 0792        BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 10:10:50.0779 0792        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 10:10:50.0826 0792        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 10:10:50.0857 0792        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 10:10:50.0888 0792        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 10:10:50.0997 0792        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 10:10:51.0091 0792        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 10:10:51.0107 0792        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 10:10:51.0169 0792        BthAvrcp        (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 10:10:51.0200 0792        BthEnum        (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 10:10:51.0263 0792        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 10:10:51.0309 0792        BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 10:10:51.0356 0792        BTHPORT        (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 10:10:51.0403 0792        BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 10:10:51.0450 0792        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 10:10:51.0528 0792        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 10:10:51.0575 0792        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 10:10:51.0621 0792        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 10:10:51.0668 0792        CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 10:10:51.0684 0792        cmdide          (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 10:10:51.0762 0792        CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 10:10:51.0809 0792        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 10:10:51.0840 0792        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 10:10:51.0871 0792        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 10:10:51.0933 0792        CSC            (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 10:10:51.0980 0792        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 10:10:52.0058 0792        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 10:10:52.0121 0792        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 10:10:52.0167 0792        DXGKrnl        (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 10:10:52.0277 0792        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 10:10:52.0323 0792        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 10:10:52.0433 0792        eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 10:10:52.0495 0792        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 10:10:52.0557 0792        EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 10:10:52.0604 0792        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 10:10:52.0635 0792        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 10:10:52.0682 0792        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 10:10:52.0698 0792        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 10:10:52.0729 0792        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 10:10:52.0760 0792        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 10:10:52.0807 0792        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 10:10:52.0838 0792        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 10:10:52.0916 0792        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 10:10:52.0963 0792        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 10:10:52.0994 0792        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 10:10:53.0025 0792        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 10:10:53.0072 0792        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 10:10:53.0135 0792        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 10:10:53.0181 0792        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 10:10:53.0291 0792        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 10:10:53.0369 0792        hwdatacard      (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 10:10:53.0415 0792        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 10:10:53.0462 0792        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 10:10:53.0571 0792        ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:53.0665 0792        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 10:10:53.0883 0792        IDSVix86        (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110406.001\IDSvix86.sys
2011/04/08 10:10:54.0071 0792        igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:54.0149 0792        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 10:10:54.0195 0792        intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 10:10:54.0227 0792        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 10:10:54.0289 0792        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 10:10:54.0351 0792        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 10:10:54.0383 0792        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 10:10:54.0414 0792        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 10:10:54.0445 0792        isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 10:10:54.0492 0792        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 10:10:54.0523 0792        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 10:10:54.0554 0792        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 10:10:54.0601 0792        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 10:10:54.0663 0792        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 10:10:54.0710 0792        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 10:10:54.0804 0792        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 10:10:54.0866 0792        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 10:10:54.0913 0792        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 10:10:54.0944 0792        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 10:10:54.0975 0792        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 10:10:55.0007 0792        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 10:10:55.0069 0792        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 10:10:55.0163 0792        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 10:10:55.0209 0792        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 10:10:55.0272 0792        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 10:10:55.0319 0792        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 10:10:55.0381 0792        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 10:10:55.0428 0792        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 10:10:55.0459 0792        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 10:10:55.0506 0792        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 10:10:55.0553 0792        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 10:10:55.0584 0792        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 10:10:55.0615 0792        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 10:10:55.0662 0792        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 10:10:55.0693 0792        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 10:10:55.0724 0792        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 10:10:55.0771 0792        msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 10:10:55.0833 0792        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 10:10:55.0896 0792        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 10:10:55.0943 0792        msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 10:10:55.0974 0792        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 10:10:56.0021 0792        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 10:10:56.0099 0792        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 10:10:56.0379 0792        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 10:10:56.0426 0792        mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 10:10:56.0473 0792        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 10:10:56.0504 0792        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 10:10:56.0567 0792        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 10:10:56.0769 0792        NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVENG.SYS
2011/04/08 10:10:56.0863 0792        NAVEX15        (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVEX15.SYS
2011/04/08 10:10:57.0019 0792        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 10:10:57.0066 0792        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 10:10:57.0097 0792        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 10:10:57.0128 0792        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 10:10:57.0144 0792        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 10:10:57.0175 0792        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 10:10:57.0237 0792        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 10:10:57.0440 0792        NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 10:10:57.0534 0792        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 10:10:57.0596 0792        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 10:10:57.0627 0792        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 10:10:57.0752 0792        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 10:10:57.0846 0792        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 10:10:57.0877 0792        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 10:10:57.0908 0792        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 10:10:57.0939 0792        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 10:10:57.0986 0792        nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 10:10:58.0064 0792        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 10:10:58.0142 0792        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 10:10:58.0158 0792        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 10:10:58.0189 0792        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 10:10:58.0251 0792        pci            (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 10:10:58.0283 0792        pciide          (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 10:10:58.0329 0792        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 10:10:58.0407 0792        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 10:10:58.0548 0792        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 10:10:58.0579 0792        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 10:10:58.0641 0792        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 10:10:58.0704 0792        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 10:10:58.0766 0792        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 10:10:58.0829 0792        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 10:10:58.0875 0792        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 10:10:58.0907 0792        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 10:10:58.0969 0792        Rasl2tp        (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 10:10:59.0016 0792        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 10:10:59.0063 0792        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 10:10:59.0094 0792        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 10:10:59.0141 0792        rdpdr          (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 10:10:59.0172 0792        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 10:10:59.0203 0792        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 10:10:59.0281 0792        RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 10:10:59.0328 0792        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 10:10:59.0390 0792        RTL8169        (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 10:10:59.0421 0792        RTSTOR          (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 10:10:59.0468 0792        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 10:10:59.0515 0792        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 10:10:59.0546 0792        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 10:10:59.0593 0792        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 10:10:59.0624 0792        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 10:10:59.0671 0792        sffdisk        (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 10:10:59.0702 0792        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 10:10:59.0718 0792        sffp_sd        (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 10:10:59.0749 0792        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 10:10:59.0796 0792        sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 10:10:59.0827 0792        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 10:10:59.0874 0792        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 10:10:59.0905 0792        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 10:10:59.0936 0792        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 10:11:00.0014 0792        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/08 10:11:00.0014 0792        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 10:11:00.0030 0792        sptd - detected Locked file (1)
2011/04/08 10:11:00.0123 0792        SRTSP          (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 10:11:00.0170 0792        SRTSPX          (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 10:11:00.0217 0792        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 10:11:00.0264 0792        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 10:11:00.0311 0792        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 10:11:00.0435 0792        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 10:11:00.0482 0792        swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 10:11:00.0529 0792        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 10:11:00.0623 0792        SymDS          (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 10:11:00.0685 0792        SymEFA          (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 10:11:00.0747 0792        SymEvent        (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 10:11:00.0810 0792        SymIRON        (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 10:11:00.0872 0792        SYMTDIv        (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 10:11:00.0935 0792        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 10:11:00.0966 0792        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 10:11:01.0013 0792        SynTP          (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 10:11:01.0091 0792        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 10:11:01.0153 0792        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 10:11:01.0184 0792        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 10:11:01.0215 0792        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 10:11:01.0262 0792        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 10:11:01.0293 0792        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 10:11:01.0340 0792        TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 10:11:01.0434 0792        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 10:11:01.0481 0792        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 10:11:01.0512 0792        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 10:11:01.0543 0792        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 10:11:01.0590 0792        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 10:11:01.0637 0792        uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 10:11:01.0668 0792        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 10:11:01.0715 0792        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 10:11:01.0746 0792        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 10:11:01.0793 0792        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 10:11:01.0871 0792        USB28xxBGA      (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 10:11:01.0902 0792        USB28xxOEM      (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 10:11:01.0949 0792        usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 10:11:01.0995 0792        usbccgp        (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 10:11:02.0042 0792        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 10:11:02.0089 0792        UsbDiag        (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 10:11:02.0151 0792        usbehci        (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 10:11:02.0198 0792        usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 10:11:02.0261 0792        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 10:11:02.0292 0792        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 10:11:02.0323 0792        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 10:11:02.0385 0792        usbscan        (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 10:11:02.0448 0792        usbsermptxp    (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 10:11:02.0479 0792        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 10:11:02.0541 0792        usbuhci        (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 10:11:02.0604 0792        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 10:11:02.0651 0792        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 10:11:02.0682 0792        viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 10:11:02.0713 0792        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 10:11:02.0744 0792        viaide          (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 10:11:02.0791 0792        volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 10:11:02.0838 0792        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 10:11:02.0900 0792        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 10:11:02.0931 0792        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 10:11:02.0978 0792        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 10:11:03.0025 0792        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0041 0792        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0087 0792        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 10:11:03.0134 0792        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 10:11:03.0243 0792        WmiAcpi        (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 10:11:03.0321 0792        WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 10:11:03.0353 0792        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 10:11:03.0415 0792        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 10:11:03.0477 0792        \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/08 10:11:03.0477 0792        ================================================================================
2011/04/08 10:11:03.0477 0792        Scan finished
2011/04/08 10:11:03.0477 0792        ================================================================================
2011/04/08 10:11:03.0493 1332        Detected object count: 2
2011/04/08 10:19:22.0007 1332        HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0038 1332        HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0069 1332        C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/08 10:19:22.0069 1332        Locked file(sptd) - User select action: Delete
2011/04/08 10:19:22.0147 1332        \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/08 10:19:22.0147 1332        \HardDisk0 - ok
2011/04/08 10:19:22.0147 1332        Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/08 10:19:36.0671 3436        Deinitialize success

Thanks and regards,
Stephi

cosinus 08.04.2011 09:54

TDL4 was detected and removed. Please restart Windows and run TDSSKiller once more as a check - post the log.
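
As an added example (not from this thread and not TDSSKiller's own code): a small Python parser for the TDSSKiller log format posted above, used to check that the verification scan after the reboot is actually clean and to show which driver entries changed between the two runs. The two embedded log excerpts are constructed in the tool's format from the lines shown here; the sptd hash is a placeholder.

```python
"""Added example: parse TDSSKiller 2.4.x logs and verify a follow-up scan.

Not part of the thread or of TDSSKiller itself. The two log excerpts below
are constructed in the tool's format (a few driver lines, the verdict line
and the remediation lines); the sptd hash is a placeholder, not a real value.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log line is "<timestamp> <thread id> <message>".
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*?)\s*$")
# Driver inventory: "<service> (<md5>) <path>"; paths may contain spaces.
DRIVER_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Verdict on a scanned object: "<object> - detected <verdict> (<n>)".
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
# Remediation the tool has queued for the next boot.
PENDING_RE = re.compile(r"^(.+?) - will be (deleted|cured) after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: List[Tuple[str, str]] = field(default_factory=list)   # (object, verdict)
    pending: List[Tuple[str, str]] = field(default_factory=list)      # (object, action)
    detected_count: Optional[int] = None
    scan_finished: bool = False


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Extract the parts of a TDSSKiller log that matter for triage."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank line or something that is not a log record
        body = m.group(1)
        if body == "Scan finished":
            report.scan_finished = True
        elif (d := DRIVER_RE.match(body)):
            report.drivers[d.group(1)] = (d.group(2).lower(), d.group(3))
        elif (v := DETECT_RE.match(body)):
            report.detections.append((v.group(1), v.group(2)))
        elif (p := PENDING_RE.match(body)):
            report.pending.append((p.group(1), p.group(2)))
        elif (c := COUNT_RE.match(body)):
            report.detected_count = int(c.group(1))
    return report


def verify_cleanup(before: ScanReport, after: ScanReport) -> dict:
    """Compare the scan that found TDL4 with the verification scan.

    'clean' is only True when the second run finished, reported no verdicts,
    queued no further remediation and (if present) counted zero objects.
    The driver diff shows what the reboot actually changed on disk.
    """
    changed = sorted(
        name for name, (md5, _) in before.drivers.items()
        if name in after.drivers and after.drivers[name][0] != md5
    )
    removed = sorted(name for name in before.drivers if name not in after.drivers)
    clean = (
        after.scan_finished
        and not after.detections
        and not after.pending
        and after.detected_count in (None, 0)
    )
    return {
        "clean": clean,
        "previous_verdicts": before.detections,
        "drivers_changed": changed,
        "drivers_removed": removed,
    }


# Constructed excerpt of the first run (format as posted; sptd hash is a placeholder).
BEFORE_LOG = r"""
2011/04/08 10:11:01.0715 0792        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 10:11:01.0800 0792        sptd            (00000000000000000000000000000000) C:\Windows\system32\Drivers\sptd.sys
2011/04/08 10:11:02.0604 0792        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 10:11:03.0477 0792        \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/08 10:11:03.0477 0792        Scan finished
2011/04/08 10:11:03.0493 1332        Detected object count: 2
2011/04/08 10:19:22.0007 1332        HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0069 1332        C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/08 10:19:22.0069 1332        Locked file(sptd) - User select action: Delete
2011/04/08 10:19:22.0147 1332        \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/08 10:19:22.0147 1332        \HardDisk0 - ok
"""

# Constructed excerpt of the verification run after the reboot.
AFTER_LOG = r"""
2011/04/08 11:08:43.0920 3808        Scan started
2011/04/08 11:08:57.0180 3808        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 11:08:57.0200 3808        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 11:08:58.0000 3808        Scan finished
2011/04/08 11:08:58.0010 3808        Detected object count: 0
"""

if __name__ == "__main__":
    result = verify_cleanup(parse_tdsskiller_log(BEFORE_LOG), parse_tdsskiller_log(AFTER_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```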

zelluloid 08.04.2011 10:18

Wow, after the Kaspersky tool there are no more attacks, redirects, Windows service error messages or XP designs, so happy :daumenhoc
And Windows Update works again!!!, I'm impressed (even if we're surely not done yet)

rootkit log:
Code:

2011/04/08 11:08:38.0538 1852        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 11:08:39.0849 1852        ================================================================================
2011/04/08 11:08:39.0849 1852        SystemInfo:
2011/04/08 11:08:39.0849 1852       
2011/04/08 11:08:39.0849 1852        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 11:08:39.0849 1852        Product type: Workstation
2011/04/08 11:08:39.0849 1852        ComputerName: ZAPHOD-LAB
2011/04/08 11:08:39.0849 1852        UserName: Zaphod
2011/04/08 11:08:39.0849 1852        Windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852        System windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852        Processor architecture: Intel x86
2011/04/08 11:08:39.0849 1852        Number of processors: 2
2011/04/08 11:08:39.0849 1852        Page size: 0x1000
2011/04/08 11:08:39.0849 1852        Boot type: Normal boot
2011/04/08 11:08:39.0849 1852        ================================================================================
2011/04/08 11:08:40.0925 1852        Initialize success
2011/04/08 11:08:43.0920 3808        ================================================================================
2011/04/08 11:08:43.0920 3808        Scan started
2011/04/08 11:08:43.0920 3808        Mode: Manual;
2011/04/08 11:08:43.0920 3808        ================================================================================
2011/04/08 11:08:45.0356 3808        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 11:08:45.0512 3808        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 11:08:45.0558 3808        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 11:08:45.0605 3808        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 11:08:45.0652 3808        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 11:08:45.0730 3808        AF15BDA        (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 11:08:45.0792 3808        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 11:08:45.0839 3808        agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 11:08:45.0886 3808        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 11:08:45.0917 3808        aliide          (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 11:08:45.0948 3808        amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 11:08:45.0980 3808        amdide          (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 11:08:46.0026 3808        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 11:08:46.0058 3808        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 11:08:46.0120 3808        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 11:08:46.0151 3808        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 11:08:46.0198 3808        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 11:08:46.0245 3808        atapi          (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 11:08:46.0307 3808        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 11:08:46.0370 3808        b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 11:08:46.0432 3808        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 11:08:46.0666 3808        BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 11:08:46.0744 3808        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 11:08:46.0791 3808        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 11:08:46.0822 3808        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 11:08:46.0869 3808        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 11:08:46.0900 3808        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 11:08:46.0931 3808        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 11:08:46.0947 3808        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 11:08:47.0009 3808        BthAvrcp        (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 11:08:47.0072 3808        BthEnum        (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 11:08:47.0118 3808        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 11:08:47.0181 3808        BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 11:08:47.0228 3808        BTHPORT        (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 11:08:47.0274 3808        BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 11:08:47.0321 3808        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 11:08:47.0384 3808        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 11:08:47.0430 3808        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 11:08:47.0477 3808        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 11:08:47.0540 3808        CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 11:08:47.0555 3808        cmdide          (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 11:08:47.0633 3808        CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 11:08:47.0696 3808        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 11:08:47.0727 3808        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 11:08:47.0774 3808        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 11:08:47.0836 3808        CSC            (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 11:08:47.0867 3808        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 11:08:47.0945 3808        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 11:08:48.0023 3808        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 11:08:48.0070 3808        DXGKrnl        (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 11:08:48.0164 3808        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 11:08:48.0210 3808        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 11:08:48.0335 3808        eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 11:08:48.0398 3808        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 11:08:48.0444 3808        EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 11:08:48.0491 3808        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 11:08:48.0538 3808        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 11:08:48.0569 3808        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 11:08:48.0616 3808        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 11:08:48.0647 3808        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 11:08:48.0663 3808        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 11:08:48.0725 3808        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 11:08:48.0756 3808        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 11:08:48.0819 3808        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 11:08:48.0881 3808        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 11:08:48.0912 3808        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 11:08:48.0944 3808        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 11:08:49.0006 3808        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 11:08:49.0068 3808        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 11:08:49.0100 3808        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 11:08:49.0146 3808        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 11:08:49.0224 3808        hwdatacard      (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 11:08:49.0256 3808        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 11:08:49.0334 3808        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 11:08:49.0412 3808        ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:49.0505 3808        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 11:08:49.0755 3808        IDSVix86        (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys
2011/04/08 11:08:49.0942 3808        igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:50.0004 3808        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 11:08:50.0082 3808        intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 11:08:50.0114 3808        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 11:08:50.0160 3808        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 11:08:50.0223 3808        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 11:08:50.0270 3808        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 11:08:50.0301 3808        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 11:08:50.0332 3808        isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 11:08:50.0394 3808        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 11:08:50.0410 3808        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 11:08:50.0441 3808        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 11:08:50.0628 3808        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 11:08:50.0722 3808        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 11:08:50.0784 3808        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 11:08:50.0894 3808        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 11:08:50.0956 3808        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 11:08:50.0987 3808        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 11:08:51.0018 3808        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 11:08:51.0065 3808        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 11:08:51.0112 3808        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 11:08:51.0159 3808        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 11:08:51.0206 3808        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 11:08:51.0252 3808        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 11:08:51.0299 3808        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 11:08:51.0346 3808        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 11:08:51.0408 3808        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 11:08:51.0440 3808        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 11:08:51.0471 3808        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 11:08:51.0518 3808        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 11:08:51.0564 3808        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 11:08:51.0596 3808        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 11:08:51.0642 3808        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 11:08:51.0689 3808        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 11:08:51.0720 3808        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 11:08:51.0752 3808        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 11:08:51.0814 3808        msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 11:08:51.0845 3808        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 11:08:51.0892 3808        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 11:08:51.0939 3808        msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 11:08:51.0970 3808        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 11:08:52.0017 3808        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 11:08:52.0064 3808        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 11:08:52.0095 3808        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 11:08:52.0142 3808        mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 11:08:52.0173 3808        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 11:08:52.0204 3808        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 11:08:52.0266 3808        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 11:08:52.0422 3808        NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVENG.SYS
2011/04/08 11:08:52.0500 3808        NAVEX15        (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVEX15.SYS
2011/04/08 11:08:52.0656 3808        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 11:08:52.0719 3808        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 11:08:52.0766 3808        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 11:08:52.0812 3808        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 11:08:52.0859 3808        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 11:08:52.0890 3808        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 11:08:52.0937 3808        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 11:08:53.0062 3808        NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 11:08:53.0140 3808        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 11:08:53.0218 3808        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 11:08:53.0249 3808        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 11:08:53.0327 3808        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 11:08:53.0390 3808        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 11:08:53.0421 3808        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 11:08:53.0452 3808        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 11:08:53.0499 3808        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 11:08:53.0530 3808        nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 11:08:53.0624 3808        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 11:08:53.0702 3808        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 11:08:53.0733 3808        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 11:08:53.0764 3808        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 11:08:53.0826 3808        pci            (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 11:08:53.0858 3808        pciide          (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 11:08:53.0889 3808        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 11:08:53.0967 3808        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 11:08:54.0092 3808        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 11:08:54.0123 3808        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 11:08:54.0201 3808        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 11:08:54.0248 3808        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 11:08:54.0310 3808        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 11:08:54.0388 3808        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 11:08:54.0419 3808        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 11:08:54.0450 3808        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 11:08:54.0528 3808        Rasl2tp        (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 11:08:54.0575 3808        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 11:08:54.0622 3808        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 11:08:54.0653 3808        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 11:08:54.0700 3808        rdpdr          (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 11:08:54.0731 3808        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 11:08:54.0762 3808        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 11:08:54.0840 3808        RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 11:08:54.0887 3808        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 11:08:54.0934 3808        RTL8169        (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 11:08:54.0981 3808        RTSTOR          (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 11:08:55.0012 3808        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 11:08:55.0059 3808        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 11:08:55.0106 3808        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 11:08:55.0152 3808        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 11:08:55.0199 3808        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 11:08:55.0246 3808        sffdisk        (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 11:08:55.0277 3808        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 11:08:55.0293 3808        sffp_sd        (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 11:08:55.0324 3808        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 11:08:55.0371 3808        sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 11:08:55.0402 3808        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 11:08:55.0433 3808        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 11:08:55.0480 3808        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 11:08:55.0511 3808        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 11:08:55.0620 3808        SRTSP          (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 11:08:55.0667 3808        SRTSPX          (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 11:08:55.0761 3808        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 11:08:55.0808 3808        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 11:08:55.0854 3808        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 11:08:55.0948 3808        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 11:08:55.0995 3808        swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 11:08:56.0042 3808        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 11:08:56.0120 3808        SymDS          (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 11:08:56.0198 3808        SymEFA          (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 11:08:56.0276 3808        SymEvent        (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 11:08:56.0338 3808        SymIRON        (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 11:08:56.0400 3808        SYMTDIv        (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 11:08:56.0447 3808        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 11:08:56.0478 3808        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 11:08:56.0510 3808        SynTP          (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 11:08:56.0603 3808        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 11:08:56.0650 3808        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 11:08:56.0681 3808        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 11:08:56.0728 3808        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 11:08:56.0759 3808        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 11:08:56.0806 3808        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 11:08:56.0853 3808        TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 11:08:56.0915 3808        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 11:08:56.0962 3808        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 11:08:56.0993 3808        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 11:08:57.0024 3808        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 11:08:57.0056 3808        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 11:08:57.0102 3808        uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 11:08:57.0149 3808        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 11:08:57.0180 3808        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 11:08:57.0212 3808        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 11:08:57.0258 3808        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 11:08:57.0336 3808        USB28xxBGA      (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 11:08:57.0368 3808        USB28xxOEM      (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 11:08:57.0430 3808        usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 11:08:57.0477 3808        usbccgp        (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 11:08:57.0539 3808        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 11:08:57.0586 3808        UsbDiag        (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 11:08:57.0648 3808        usbehci        (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 11:08:57.0695 3808        usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 11:08:57.0758 3808        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 11:08:57.0789 3808        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 11:08:57.0836 3808        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 11:08:57.0898 3808        usbscan        (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 11:08:57.0945 3808        usbsermptxp    (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 11:08:57.0992 3808        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 11:08:58.0054 3808        usbuhci        (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 11:08:58.0116 3808        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 11:08:58.0163 3808        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 11:08:58.0194 3808        viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 11:08:58.0226 3808        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 11:08:58.0257 3808        viaide          (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 11:08:58.0304 3808        volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 11:08:58.0350 3808        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 11:08:58.0413 3808        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 11:08:58.0444 3808        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 11:08:58.0506 3808        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 11:08:58.0538 3808        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0553 3808        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0600 3808        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 11:08:58.0647 3808        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 11:08:58.0772 3808        WmiAcpi        (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 11:08:58.0850 3808        WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 11:08:58.0896 3808        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 11:08:58.0943 3808        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 11:08:59.0037 3808        ================================================================================
2011/04/08 11:08:59.0037 3808        Scan finished
2011/04/08 11:08:59.0037 3808        ================================================================================
2011/04/08 11:09:15.0604 2020        Deinitialize success

:dankeschoen: and regards,
Stephi

cosinus 08.04.2011 10:35

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the forum's helpers has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

zelluloid 08.04.2011 11:52

Hello Arne,

ComboFix ran without problems. Here is the logfile:

Code:

ComboFix 11-04-07.08 - Zaphod 08.04.2011  12:24:30.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6000.0.1252.49.1031.18.2038.1037 [GMT 2:00]
ausgeführt von:: c:\users\Zaphod\Downloads\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-08 bis 2011-04-08  ))))))))))))))))))))))))))))))
.
.
2011-04-08 10:35 . 2011-04-08 10:35        --------        d-----w-        c:\users\Zaphod\AppData\Local\temp
2011-04-08 10:13 . 2011-04-08 10:13        --------        d-----w-        c:\program files\CCleaner
2011-04-07 19:12 . 2011-04-07 19:12        --------        d-----w-        C:\_OTL
2011-04-06 15:22 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 15:22 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-06 12:03 . 2011-04-06 12:03        --------        d-----w-        c:\program files\Common Files\Java
2011-04-06 12:02 . 2011-04-06 12:02        --------        d-----w-        c:\program files\Java
2011-04-06 11:59 . 2011-04-06 11:59        --------        d-----w-        c:\programdata\Apple Computer
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-04-06 11:59 . 2010-03-17 20:53        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-04-06 11:59 . 2010-03-17 20:53        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-04-06 11:59 . 2010-03-17 20:53        180224        ----a-w-        c:\windows\system32\QTCF.dll
2011-04-06 11:59 . 2011-04-06 11:59        --------        d-----w-        c:\program files\QuickTime Alternative
2011-04-06 10:18 . 2011-04-06 11:34        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-04-06 10:18 . 2011-04-06 11:32        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-04-06 08:52 . 2011-04-06 08:52        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\Malwarebytes
2011-04-06 08:52 . 2011-04-06 08:52        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-06 08:52 . 2011-04-06 15:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-29 08:11 . 2011-03-29 08:11        --------        d-----w-        c:\users\Zaphod\AppData\Local\DDMSettings
2011-03-27 19:59 . 2011-03-27 19:59        --------        d-----w-        c:\program files\Common Files\DivX Shared
2011-03-26 12:36 . 2011-03-26 12:36        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\EAC
2011-03-26 12:36 . 2011-03-26 12:36        --------        d-----w-        c:\program files\Exact Audio Copy
2011-03-26 09:54 . 2011-03-26 09:54        --------        d-----w-        c:\programdata\Driver Whiz
2011-03-24 21:12 . 2009-03-17 09:38        364544        ----a-w-        c:\windows\system32\MACDll.dll
2011-03-24 21:12 . 2009-01-19 18:39        246424        ----a-w-        c:\windows\system32\unicows.dll
2011-03-24 21:12 . 2011-03-24 21:12        --------        d-----w-        c:\program files\Monkey's Audio
2011-03-24 13:30 . 2011-03-24 13:30        --------        d-----w-        c:\program files\LG Electronics
2011-03-24 13:12 . 2011-03-24 13:12        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\Amazon
2011-03-24 13:11 . 2011-03-24 13:11        --------        d-----w-        c:\program files\Amazon
2011-03-24 12:42 . 2009-09-04 16:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll
2011-03-24 12:41 . 2011-03-24 12:41        --------        d-----w-        c:\program files\Winamp Detect
2011-03-24 12:39 . 2011-04-08 10:15        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\Winamp
2011-03-24 12:39 . 2011-03-24 12:42        --------        d-----w-        c:\program files\Winamp
2011-03-17 19:57 . 2011-03-17 19:57        12800        ----a-w-        c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-03-09 11:22 . 2011-04-06 12:00        --------        d-----w-        c:\program files\DivX
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 12:02 . 2010-12-27 15:09        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-04-02 13:46 . 2006-11-02 10:32        101376        ----a-w-        c:\windows\system32\ifxcardm.dll
2011-04-02 13:46 . 2006-11-02 10:32        79872        ----a-w-        c:\windows\system32\axaltocm.dll
2011-04-02 11:38 . 2010-12-28 13:53        47560        ----a-w-        c:\windows\system32\SPReview.exe
2011-04-02 11:38 . 2010-12-28 13:53        152576        ----a-w-        c:\windows\system32\SPWizUI.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-5 813584]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Zaphod^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 05:29        67752        ----a-w-        c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Center Agent]
2009-08-18 19:02        1520128        ----a-w-        c:\program files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
2007-04-26 17:29        188416        ----a-w-        c:\program files\Launch Manager\HotkeyApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55        55824        ----a-w-        c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40        155648        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2006-12-01 20:28        95800        ----a-w-        c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51        25088        ------w-        c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49        249064        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-19 11:41        185896        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-17 19:56        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36        201728        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-02-25 800376]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys [2011-03-14 353912]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-15 102448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Zaphod\AppData\Roaming\Mozilla\Firefox\Profiles\3pbm62fv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-cleansweep - c:\cleansweep.exe\cleansweep.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Wbutton - c:\program files\Launch Manager\WButton.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-08 12:35
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-08  12:40:43
ComboFix-quarantined-files.txt  2011-04-08 10:40
.
Vor Suchlauf: 13 Verzeichnis(se), 184.853.966.848 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 184.252.383.232 Bytes frei
.
- - End Of File - - 32828BEAC649B8580D4EA4B5001AC5D0

Regards,
Stephi :)

cosinus 08.04.2011 14:02

Quote:

Windows 6.0.6000
Internet Explorer 7.0.6000.17037
Why hasn't a single update been installed yet?
Where is SP2? Not even SP1 is on there! Where is IE9, or at least IE8?

zelluloid 08.04.2011 15:54

Hello Arne,

I don't understand it either. I have always run the automatic updates via Windows Update. I actually thought that this program also installs the SPs. But that wasn't the case.
That's why I have tried several times (just now once again) to install SP1 manually. But it doesn't work. At the end of the installation it always tells me that SP1 could not be installed and that all changes are being reverted. (Norton, Windows Firewall and Defender were always switched off, and I always started the SP as admin, too.) When it boots up again, it shows me the error code 0x800F0826.
Should I uninstall Norton? I'm out of ideas. :confused:

Regards,
Stephi

cosinus 08.04.2011 17:37

Please download WVCheck from Artellos.com
  • Save the file to the desktop. (If you downloaded the .zip file, you must unpack it first)
  • Start the .exe with a double-click
    Vista and Win7 users: start it via right-click "Run as admin"
  • As described, the tool can take a while.
  • When it is done, copy the contents of the text document into your thread here

zelluloid 08.04.2011 21:20

Hello Arne,

Tried an installation again, nothing again.
Here is the log:
Code:

Windows Validation Check
Version: 1.9.11.5
Log Created On: 2215_08-04-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista 
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-04-08 19:24:22
Last Success Time for Update Download: 2011-04-08 19:29:51
Last Success Time for Update Installation: 2011-04-08 19:54:28


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 63b4f59d7c89b1bf5277f1ffefd491cd


-------- End of File, program close at 2215_08-04-2011 --------

Regards and :dankeschoen:,
Stephi

cosinus 09.04.2011 14:09

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work the second time either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post me the contents of the .txt document
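For anyone who wants to triage a GMER listing like the one zelluloid posts next, here is an added example in Python (not from this thread, and not part of GMER, OSAM or MBRCheck): it parses the SSDT hook lines and the inline-patch lines from GMER's "System" and "Kernel code sections" blocks and groups the SSDT handler addresses by 64 KiB region. The sample text is an abridged copy of the GMER output posted further down in this thread; the 64 KiB region width, the function names and the field names are my own choices.

```python
"""Triage helper for the SSDT / inline-patch sections of a GMER log.

Added example for this thread; not part of GMER or of any tool the helpers
here ask for. It parses lines of the form

    SSDT   <handler address>   <Zw* service>
    .text  <module>!<symbol> + <off>  <address> <n> Bytes  <detail>

and groups SSDT hook handlers by 64 KiB address region, so that hooks which
come from one driver image stand out from isolated handlers that should be
matched against the list of loaded drivers.
"""
import re
from collections import OrderedDict

# Constructed sample: an abridged copy of the GMER "System" section posted
# later in this thread, kept to a handful of lines.
SAMPLE_GMER = """\
---- System - GMER 1.0.15 ----

SSDT            90DA7A80        ZwAlertResumeThread
SSDT            91D01528        ZwAllocateVirtualMemory
SSDT            90CBC308        ZwAlpcConnectPort
SSDT            90DFDF18        ZwCreateSymbolicLinkObject
SSDT            91D01A30        ZwCreateThread
SSDT            90C96CE8        ZwLoadDriver
SSDT            91D018D8        ZwOpenProcess
SSDT            90DA7038        ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 53C        82880A48 4 Bytes  CALL 9318D3B9
"""

# "SSDT <8 hex digits> <service name>"; GMER pads the columns with many spaces
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\S+)\s*$")
# ".text <module>!<symbol> + <hex offset> <8 hex digits> <n> Bytes <detail>"
TEXT_RE = re.compile(
    r"^\.text\s+(\S+?)\s*\+\s*([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+(\d+)\s+Bytes\s+(.*\S)\s*$"
)

REGION_BITS = 16  # my choice: group handlers per 64 KiB of kernel address space


def parse_gmer(text):
    """Return {'ssdt': [...], 'inline': [...]} parsed from GMER log text."""
    ssdt, inline = [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            ssdt.append({"handler": int(m.group(1), 16), "service": m.group(2)})
            continue
        m = TEXT_RE.match(line)
        if m:
            inline.append({
                "symbol": m.group(1),          # patched kernel export
                "offset": int(m.group(2), 16),  # offset of the patch inside it
                "address": int(m.group(3), 16),
                "size": int(m.group(4)),
                "detail": m.group(5),          # what GMER disassembled there
            })
    return {"ssdt": ssdt, "inline": inline}


def group_by_region(ssdt_hooks, region_bits=REGION_BITS):
    """Map 'BASE-END' region strings to the services hooked from that region."""
    regions = OrderedDict()
    mask = (1 << region_bits) - 1
    for hook in ssdt_hooks:
        base = hook["handler"] & ~mask
        key = "%08X-%08X" % (base, base | mask)
        regions.setdefault(key, []).append(hook["service"])
    return regions


def summarize(text):
    """Counts a helper would glance at before reading the full listing."""
    parsed = parse_gmer(text)
    regions = group_by_region(parsed["ssdt"])
    return {
        "ssdt_hooks": len(parsed["ssdt"]),
        "handler_regions": len(regions),
        "inline_patches": len(parsed["inline"]),
    }


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_GMER)
    for region, services in group_by_region(parsed["ssdt"]).items():
        print(region, len(services), ", ".join(services))
    for p in parsed["inline"]:
        print("inline patch at %08X in %s+%X: %s"
              % (p["address"], p["symbol"], p["offset"], p["detail"]))
    print(summarize(SAMPLE_GMER))
```

Hooks set by one driver cluster inside that driver's image, so a listing where thirty services point into two neighbouring regions reads very differently from one where a single handler sits alone in an unrelated region; the isolated handler is the one to match against the loaded drivers. The script deliberately does not attribute hooks to a product, since that still needs each driver's image base and size, and an inline patch of a kernel export (the `.text` line) is worth a closer look regardless of how the SSDT entries group.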

zelluloid 10.04.2011 09:25

Hello Arne,

I've done everything. Here come the logs:

GMER:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-10 10:08:29
Windows 6.0.6000  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: ygfyry6u.exe; Driver: C:\Users\Zaphod\AppData\Local\Temp\uwlyipow.sys


---- System - GMER 1.0.15 ----

SSDT            90DA7A80                                                                                                                                                                    ZwAlertResumeThread
SSDT            90DA7B60                                                                                                                                                                    ZwAlertThread
SSDT            91D01528                                                                                                                                                                    ZwAllocateVirtualMemory
SSDT            90CBC308                                                                                                                                                                    ZwAlpcConnectPort
SSDT            90DA7228                                                                                                                                                                    ZwAssignProcessToJobObject
SSDT            90DA77D0                                                                                                                                                                    ZwCreateMutant
SSDT            90DFDF18                                                                                                                                                                    ZwCreateSymbolicLinkObject
SSDT            91D01A30                                                                                                                                                                    ZwCreateThread
SSDT            90DA7308                                                                                                                                                                    ZwDebugActiveProcess
SSDT            91D016F8                                                                                                                                                                    ZwDuplicateObject
SSDT            91D01348                                                                                                                                                                    ZwFreeVirtualMemory
SSDT            90DA78C0                                                                                                                                                                    ZwImpersonateAnonymousToken
SSDT            90DA79A0                                                                                                                                                                    ZwImpersonateThread
SSDT            90C96CE8                                                                                                                                                                    ZwLoadDriver
SSDT            91D01248                                                                                                                                                                    ZwMapViewOfSection
SSDT            90DA76F0                                                                                                                                                                    ZwOpenEvent
SSDT            91D018D8                                                                                                                                                                    ZwOpenProcess
SSDT            91D01618                                                                                                                                                                    ZwOpenProcessToken
SSDT            90DA7530                                                                                                                                                                    ZwOpenSection
SSDT            91D017E8                                                                                                                                                                    ZwOpenThread
SSDT            90DA7138                                                                                                                                                                    ZwProtectVirtualMemory
SSDT            90DA7C40                                                                                                                                                                    ZwResumeThread
SSDT            90DA7EE0                                                                                                                                                                    ZwSetContextThread
SSDT            90DA7FC0                                                                                                                                                                    ZwSetInformationProcess
SSDT            90DA73E8                                                                                                                                                                    ZwSetSystemInformation
SSDT            90DA7610                                                                                                                                                                    ZwSuspendProcess
SSDT            90DA7D20                                                                                                                                                                    ZwSuspendThread
SSDT            91D01B10                                                                                                                                                                    ZwTerminateProcess
SSDT            90DA7E00                                                                                                                                                                    ZwTerminateThread
SSDT            91D01168                                                                                                                                                                    ZwUnmapViewOfSection
SSDT            91D01438                                                                                                                                                                    ZwWriteVirtualMemory
SSDT            90DA7038                                                                                                                                                                    ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 53C                                                                                                                                        82880A48 4 Bytes  CALL 9318D3B9
.text          ntkrnlpa.exe!ZwCallbackReturn + 5CC                                                                                                                                        82880AD8 4 Bytes  CALL FA19DAF4
.text          ntkrnlpa.exe!ZwCallbackReturn + 7AC                                                                                                                                        82880CB8 4 Bytes  CALL 4B18E730
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                                                      section is writeable [0xAF534300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                                                      section is writeable [0x8BCE0300, 0x1B7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                    SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                    SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                                                  SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b44e39c                                                                                               
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6b44e39c (not active ControlSet)                                                                           
Reg            HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\Electronic Arts\Der Pate\xae Das Spiel\eauninstall.exe  1

---- EOF - GMER 1.0.15 ----

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:17:56 on 10.04.2011

OS: Windows Vista Business Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Bdeadmin.cpl" - ? - C:\Windows\system32\Bdeadmin.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%systemroot%\system32\sstpsvc.dll,-202" (RasSstp) - ? - C:\Windows\System32\DRIVERS\rassstp.sys  (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\Zaphod\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110408.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys  (File not found)
"Motorola USB Modem Driver for MPT XP" (usbsermptxp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbsermptxp.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVEX15.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1205000.07D\SYMDS.SYS
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1205000.07D\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"uwlyipow" (uwlyipow) - ? - C:\Users\Zaphod\AppData\Local\Temp\uwlyipow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? -  (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - ? - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - ? - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CtrlVol" - ? - C:\Program Files\Launch Manager\CtrlVol.exe  (File not found)
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LaunchAp" - ? - C:\Program Files\Launch Manager\LaunchAp.exe  (File not found)
"Wbutton" - ? - C:\Program Files\Launch Manager\WButton.exe  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Logitech Bluetooth Service" (LBTServ) - ? - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and last but not least MBRCHECK:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Business Edition
Windows Information:                (build 6000), 32-bit
Base Board Manufacturer:        FUJITSU SIEMENS
BIOS Manufacturer:                Phoenix Technologies LTD
System Manufacturer:                FUJITSU SIEMENS
System Product Name:                ESPRIMO Mobile V5505
Logical Drives Mask:                0x00000024

Kernel Drivers (total 158):
  0x82800000 \SystemRoot\system32\ntkrnlpa.exe
  0x82BA1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80434000 \SystemRoot\system32\drivers\pci.sys
  0x80425000 \SystemRoot\system32\drivers\volmgr.sys
  0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80404000 \SystemRoot\system32\drivers\intelide.sys
  0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807A8000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807A0000 \SystemRoot\system32\drivers\atapi.sys
  0x80782000 \SystemRoot\system32\drivers\ataport.SYS
  0x80778000 \SystemRoot\system32\drivers\msahci.sys
  0x80747000 \SystemRoot\system32\drivers\fltmgr.sys
  0x806F0000 \SystemRoot\system32\drivers\NIS\1205000.07D\SYMDS.SYS
  0x806E0000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8063C000 \SystemRoot\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
  0x80632000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x826FC000 \SystemRoot\system32\drivers\ndis.sys
  0x80607000 \SystemRoot\system32\drivers\msrpc.sys
  0x826C3000 \SystemRoot\system32\drivers\NETIO.SYS
  0x882F8000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x82659000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82623000 \SystemRoot\system32\drivers\volsnap.sys
  0x8261B000 \SystemRoot\System32\Drivers\spldr.sys
  0x8260C000 \SystemRoot\System32\drivers\partmgr.sys
  0x882E9000 \SystemRoot\System32\Drivers\mup.sys
  0x882C4000 \SystemRoot\System32\drivers\ecache.sys
  0x882B3000 \SystemRoot\system32\drivers\disk.sys
  0x88292000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x82603000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8B415000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8902B000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x89034000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8B407000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8CD45000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8BC43000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8BD3D000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BC38000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8CD08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8BC2A000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8BC18000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8BC01000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8D5D1000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
  0x8B4F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8BD1D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8BD12000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8CCDD000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8B53E000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8BCF7000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8CCC5000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8CC30000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8D591000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8CC25000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8CC0E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8CC03000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8D56E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x88CE8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8D55B000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8D4D4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0x8D4BA000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8B530000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8D490000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8CC5B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BD57000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8D45C000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x89150000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90B0D000 \SystemRoot\system32\drivers\CHDRT32.sys
  0x90A90000 \SystemRoot\system32\drivers\portcls.sys
  0x90A6B000 \SystemRoot\system32\drivers\drmk.sys
  0x90A54000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90A45000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x89061000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x89160000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8B485000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8B5C0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x8B5C8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8B5D0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x90A14000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x89073000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8B44D000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B454000 \SystemRoot\System32\Drivers\Beep.SYS
  0x90A08000 \SystemRoot\System32\drivers\vga.sys
  0x90F9F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B588000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8B590000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8D4C9000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x90F71000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8907C000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9112B000 \SystemRoot\System32\drivers\tcpip.sys
  0x90EB8000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x90EA3000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90E4B000 \SystemRoot\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
  0x90E25000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
  0x90E11000 \SystemRoot\system32\DRIVERS\smb.sys
  0x910E4000 \SystemRoot\system32\drivers\afd.sys
  0x910B2000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x9109C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90E03000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x91089000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x91065000 \SystemRoot\system32\drivers\NIS\1205000.07D\Ironx86.SYS
  0x9105A000 \SystemRoot\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
  0x9101F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90ED1000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x917A5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110408.001\IDSvix86.sys
  0x8B4B5000 \SystemRoot\System32\Drivers\Hotkey.SYS
  0x91752000 \SystemRoot\system32\drivers\csc.sys
  0x91730000 \SystemRoot\System32\Drivers\dfsc.sys
  0x92339000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
  0x8BDD9000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x92289000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x90EE5000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x97400000 \SystemRoot\System32\win32k.sys
  0x90EEF000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9553C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0xACE00000 \SystemRoot\System32\TSDDD.dll
  0xACE10000 \SystemRoot\System32\cdd.dll
  0x973E5000 \SystemRoot\system32\drivers\luafv.sys
  0xB24C2000 \SystemRoot\system32\drivers\spsys.sys
  0x891E0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xB2497000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x90F53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB2484000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xB2EB7000 \SystemRoot\system32\drivers\HTTP.sys
  0xB2E5E000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xB2E3E000 \SystemRoot\system32\drivers\mrxdav.sys
  0xB2E20000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB2F27000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xB2E0E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAF534000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x8BCE0000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xAF416000 \SystemRoot\system32\drivers\peauth.sys
  0x90F0D000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xB3844000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x91621000 \??\C:\Windows\system32\SVKP.sys
  0x922E1000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xB3820000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xB972F000 \SystemRoot\System32\DRIVERS\srv.sys
  0xBD37B000 \SystemRoot\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
  0xBD311000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x922AA000 \SystemRoot\system32\drivers\tdtcp.sys
  0x973A0000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xBD223000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xC1629000 \??\C:\Users\Zaphod\AppData\Local\Temp\uwlyipow.sys
  0xBDCAD000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVEX15.SYS
  0xB2430000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVENG.SYS
  0x77660000 \Windows\System32\ntdll.dll

Processes (total 51):
      0 System Idle Process
      4 System
    464 C:\Windows\System32\smss.exe
    528 csrss.exe
    568 C:\Windows\System32\wininit.exe
    580 csrss.exe
    612 C:\Windows\System32\services.exe
    624 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    680 C:\Windows\System32\winlogon.exe
    820 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\audiodg.exe
    1204 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\SLsvc.exe
    1292 C:\Windows\System32\svchost.exe
    1480 C:\Windows\System32\svchost.exe
    1688 C:\Windows\System32\spoolsv.exe
    1712 C:\Windows\System32\svchost.exe
    1916 C:\Windows\System32\dwm.exe
    1960 C:\Windows\explorer.exe
    1116 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1336 C:\Windows\System32\hkcmd.exe
    1276 C:\Windows\System32\igfxpers.exe
    1444 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    1476 C:\Program Files\Launch Manager\HotkeyApp.exe
    1752 C:\Windows\System32\igfxsrvc.exe
    1364 C:\Windows\System32\svchost.exe
    828 C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    1496 C:\Windows\System32\svchost.exe
    1740 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2060 C:\Windows\System32\svchost.exe
    2132 C:\Windows\System32\svchost.exe
    2176 C:\Windows\System32\SearchIndexer.exe
    2576 WmiPrvSE.exe
    2632 C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    2996 C:\Windows\System32\taskeng.exe
    3124 C:\Program Files\Google\Update\GoogleUpdate.exe
    3132 C:\Windows\System32\taskeng.exe
    3156 C:\Program Files\Launch Manager\WisLMSvc.exe
    3324 dllhost.exe
    4076 C:\Windows\System32\wbem\unsecapp.exe
    2152 C:\Windows\System32\notepad.exe
    276 C:\Program Files\Mozilla Firefox\firefox.exe
    3608 C:\Windows\System32\SearchProtocolHost.exe
    3860 C:\Windows\System32\SearchFilterHost.exe
    564 C:\Users\Zaphod\Downloads\MBRCheck.exe
    3392 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`80c12600  (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: D7559364D4ED70B962EE3D1B080F121404E36EA2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Have a nice, sunny Sunday,
Stephi

cosinus 10.04.2011 19:13

Looks OK. To double-check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

zelluloid 15.04.2011 18:06

Hello Arne,

unfortunately I only had time to run the scans now.

Antispyware log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/15/2011 at 06:51 PM

Application Version : 4.50.1002

Core Rules Database Version : 6847
Trace Rules Database Version: 4659

Scan type      : Complete Scan
Total Scan Time : 01:40:39

Memory items scanned      : 610
Memory threats detected  : 0
Registry items scanned    : 10241
Registry threats detected : 0
File items scanned        : 141207
File threats detected    : 3

Adware.Tracking Cookie
        serving-sys.com [ C:\Users\Zaphod\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZA3MULHG ]
        www.pornme.com [ C:\Users\Zaphod\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZA3MULHG ]

Application.PowerReg Scheduler
        C:\WINDOWS\PSS\POWERREG SCHEDULER V3.EXE.STARTUP

Malwarebytes log:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6368

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

15.04.2011 16:08
mbam-log-2011-04-15 (16-08-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 291924
Laufzeit: 1 Stunde(n), 11 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I updated both programs beforehand.

Regards and :dankeschoen:,
Stephi

cosinus 15.04.2011 18:34

Looks like a false positive and two cookies.
Is the computer OK again?

zelluloid 15.04.2011 19:34

Dear Arne,

yes, everything is great, all problems are gone (the fact that, for whatever reason, I can't install SPs
is something I'll just have to live with; hopefully it's nothing serious). In any case I'm very :Boogie: and think it's great
that you invest your free time here (for strangers and for free).

A thousand thanks and greetings from B,
Stephi

cosinus 15.04.2011 20:55

Why can't you install SPs? Error message?

Have you already tried installing SP1 manually, and then SP2 after it?

SP1 => Detail page Windows Vista Service Pack 1 Five Language Standalone (KB936330)
SP2 => Detail page Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465)


Copyright ©2000-2025, Trojaner-Board
