"Mediashifting.com" Virus

DanyRibi · 01.01.2012, 13:24

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.01.2012 13:40:01 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 87,99 Mb Available Physical Memory | 9,23% Memory free
1,93 Gb Paging File | 1,01 Gb Available in Paging File | 52,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,96 Gb Free Space | 54,02% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,41 Gb Free Space | 35,66% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,23 Gb Free Space | 88,67% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.12.29 15:06:58 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Cyrcre] C:\Users\Administrator\AppData\Roaming\Cyrcre.exe File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe File not found
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.01 13:39:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.01.01 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{639320BD-DFF2-44A7-88E5-61B923D2D3BC}
[2012.01.01 13:15:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E3E17551-5555-4C18-A009-0172A3E71FC5}
[2012.01.01 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F5DEE3EE-3A77-4069-8872-A0516733D4C8}
[2012.01.01 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{171A2393-E16D-42EC-A59A-67D8E2791DDF}
[2011.12.31 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.31 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7543530A-3BF2-4D40-B2F2-D5CFEF87FC47}
[2011.12.31 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E670B477-4E8D-4708-860C-BB15747133BB}
[2011.12.29 22:05:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.29 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.29 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D6DF5517-0866-46C0-B035-0E23E581F263}
[2011.12.29 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FFDEF2E-28F7-4570-9A3F-D901AE7592ED}
[2011.12.28 23:43:12 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.12.28 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 22:15:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 18:27:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:05 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2011.12.19 11:16:05 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:35:10 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 03:03:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
[2011.12.06 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2B1F679-50D7-445C-9578-3B5E7AD63807}
[2011.12.06 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F495AC1-C1D4-4EEB-9787-D81E264494E7}
[2011.12.05 21:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.05 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.05 21:44:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.05 21:44:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.05 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A2F23C0-AFEF-4AEB-8881-0E7DC16E6140}
[2011.12.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E089A1A0-B25F-49A8-A8F8-C16F9C06DCEA}
[2011.12.04 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{15ED8E3F-517F-48FB-95F0-6D960EC85015}
[2011.12.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BB7597B2-858A-44DD-A98A-965C3D38C0C2}
[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}
[2011.12.03 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5389BE28-FACF-4142-B2AC-A1EE2D65BE42}
[2011.12.02 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C637353A-B56B-4A7F-BFDD-B8EFE4D5BDCC}
[2011.12.02 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{25A4F810-84C3-4DCD-9B21-EFDC53E26ADD}
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.01 13:22:00 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 13:22:00 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 13:14:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.01 13:14:23 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.01 00:34:32 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.29 16:00:43 | 189,948,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 15:06:58 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.29 12:01:49 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.29 12:01:49 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.29 12:01:49 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.29 12:01:49 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.28 19:43:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:51 | 000,890,854 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.18 03:03:48 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:48 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
[2011.12.04 21:48:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
 
========== Files Created - No Company Name ==========
 
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,890,854 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.04 21:50:59 | 000,002,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.12.04 21:12:04 | 189,948,433 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

< End of report >

--- --- ---

DanyRibi · 01.01.2012, 13:25

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.01.2012 13:40:01 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 87,99 Mb Available Physical Memory | 9,23% Memory free
1,93 Gb Paging File | 1,01 Gb Available in Paging File | 52,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,96 Gb Free Space | 54,02% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,41 Gb Free Space | 35,66% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,23 Gb Free Space | 88,67% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 85145
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 85145
 
Error - 29.12.2011 06:01:33 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
Error - 29.12.2011 06:50:00 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
Error - 29.12.2011 07:20:55 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
Error - 29.12.2011 10:11:51 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
Error - 29.12.2011 14:25:41 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
Error - 31.12.2011 08:09:18 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
Error - 01.01.2012 08:14:52 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
[ System Events ]
Error - 29.12.2011 11:01:17 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 29.12.2011 14:25:32 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.12.2011 14:25:33 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 31.12.2011 08:09:07 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 31.12.2011 08:09:07 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 31.12.2011 09:12:52 | Computer Name = FiFu-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31.12.2011 09:12:52 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 31.12.2011 13:43:21 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 01.01.2012 08:14:44 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.01.2012 08:14:44 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
 
< End of report >

--- --- ---

Chris4You · 02.01.2012, 12:01

Hi,
Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Cyrcre] C:\Users\Administrator\AppData\Roaming\Cyrcre.exe File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe File not found
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

MAM updaten und einen Fullscan...

chris

DanyRibi · 02.01.2012, 15:18

All processes killed
========== OTL ==========
Process mdm.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cyrcre deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft DLL Registration deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Windows Task Services deleted successfully.
Invalid CLSID key: 7
C:\Users\Administrator\AppData\Local\709b8acb\U folder moved successfully.
C:\Users\Administrator\AppData\Local\709b8acb folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 167901 bytes
->Temporary Internet Files folder emptied: 27213190 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 48414654 bytes
->Flash cache emptied: 3320 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01022012_153309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

DanyRibi · 02.01.2012, 16:57

MAM Fullscan

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.02.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: FIFU-PC [Administrator]

Schutz: Aktiviert

02.01.2012 15:42:13
mbam-log-2012-01-02 (15-42-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289960
Laufzeit: 1 Stunde(n), 33 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Administrator\DoctorWeb\Quarantine\000000c0.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\_OTL\MovedFiles\01022012_153309\C_Users\Administrator\AppData\Local\709b8acb\U\000000c0.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\_OTL\MovedFiles\01022012_153309\C_Users\Administrator\AppData\Local\709b8acb\U\000000cb.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Chris4You · 02.01.2012, 17:35

Hi,

MAM hat nur die Files gefundfen, die Dr. Web bzw. wir bereits erwischt hatten... ich frage mich wo die immer wieder herkommen, es muß ein Trojandownloader aktiv sein, oder irgendeine page die zu ansurfest ist infiziert...

Lass nochmal den Killer laufen (neu runterladen) und kreuze unter Optionen die Suche nach TDSS-Filesystem an...

chris

DanyRibi · 02.01.2012, 17:53

hm, du hast vielleicht Recht..

Aber da frag ich mich wo ich den mir eingefangen haben soll.
In den letzten Tagen war ich in keiner komischen Seite.
Also alles Seiten die ich schon seit Jahren besuche.. hm.

DanyRibi · 02.01.2012, 18:06

18:21:20.0967 3764 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:21:21.0139 3764 ============================================================
18:21:21.0139 3764 Current date / time: 2012/01/02 18:21:21.0139
18:21:21.0139 3764 SystemInfo:
18:21:21.0139 3764
18:21:21.0139 3764 OS Version: 6.1.7600 ServicePack: 0.0
18:21:21.0139 3764 Product type: Workstation
18:21:21.0139 3764 ComputerName: FIFU-PC
18:21:21.0139 3764 UserName: Administrator
18:21:21.0139 3764 Windows directory: C:\Windows
18:21:21.0139 3764 System windows directory: C:\Windows
18:21:21.0139 3764 Processor architecture: Intel x86
18:21:21.0139 3764 Number of processors: 1
18:21:21.0139 3764 Page size: 0x1000
18:21:21.0139 3764 Boot type: Normal boot
18:21:21.0139 3764 ============================================================
18:21:22.0356 3764 Initialize success
18:21:29.0189 3408 ============================================================
18:21:29.0189 3408 Scan started
18:21:29.0189 3408 Mode: Manual; TDLFS;
18:21:29.0189 3408 ============================================================
18:21:30.0546 3408 .tdx - ok
18:21:31.0045 3408 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
18:21:31.0045 3408 1394ohci - ok
18:21:31.0420 3408 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
18:21:31.0435 3408 ACPI - ok
18:21:31.0825 3408 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
18:21:31.0825 3408 AcpiPmi - ok
18:21:32.0278 3408 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:21:32.0309 3408 adp94xx - ok
18:21:32.0683 3408 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:21:32.0683 3408 adpahci - ok
18:21:33.0151 3408 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:21:33.0151 3408 adpu320 - ok
18:21:33.0526 3408 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
18:21:33.0541 3408 AFD - ok
18:21:33.0884 3408 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
18:21:33.0900 3408 agp440 - ok
18:21:34.0243 3408 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:21:34.0243 3408 aic78xx - ok
18:21:34.0633 3408 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
18:21:34.0633 3408 aliide - ok
18:21:35.0023 3408 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
18:21:35.0023 3408 amdagp - ok
18:21:35.0413 3408 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
18:21:35.0413 3408 amdide - ok
18:21:35.0803 3408 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:21:35.0803 3408 AmdK8 - ok
18:21:36.0380 3408 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:21:36.0396 3408 AmdPPM - ok
18:21:36.0755 3408 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
18:21:36.0755 3408 amdsata - ok
18:21:37.0145 3408 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:21:37.0145 3408 amdsbs - ok
18:21:37.0519 3408 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
18:21:37.0519 3408 amdxata - ok
18:21:37.0894 3408 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
18:21:37.0894 3408 AppID - ok
18:21:38.0284 3408 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:21:38.0284 3408 arc - ok
18:21:38.0658 3408 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:21:38.0658 3408 arcsas - ok
18:21:39.0048 3408 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:21:39.0048 3408 AsyncMac - ok
18:21:39.0422 3408 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
18:21:39.0422 3408 atapi - ok
18:21:39.0875 3408 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
18:21:39.0922 3408 athr - ok
18:21:40.0343 3408 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:21:40.0358 3408 b06bdrv - ok
18:21:40.0920 3408 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:21:40.0936 3408 b57nd60x - ok
18:21:41.0560 3408 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
18:21:41.0591 3408 BHDrvx86 - ok
18:21:42.0371 3408 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:21:42.0386 3408 blbdrive - ok
18:21:43.0073 3408 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
18:21:43.0073 3408 bowser - ok
18:21:43.0868 3408 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:21:43.0868 3408 BrFiltLo - ok
18:21:44.0492 3408 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:21:44.0524 3408 BrFiltUp - ok
18:21:45.0288 3408 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:21:45.0288 3408 Brserid - ok
18:21:46.0052 3408 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:21:46.0068 3408 BrSerWdm - ok
18:21:46.0832 3408 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:21:46.0848 3408 BrUsbMdm - ok
18:21:47.0503 3408 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:21:47.0503 3408 BrUsbSer - ok
18:21:48.0018 3408 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
18:21:48.0034 3408 BthEnum - ok
18:21:48.0845 3408 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:21:48.0845 3408 BTHMODEM - ok
18:21:49.0578 3408 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
18:21:49.0578 3408 BthPan - ok
18:21:50.0311 3408 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
18:21:50.0327 3408 BTHPORT - ok
18:21:51.0029 3408 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
18:21:51.0029 3408 BTHUSB - ok
18:21:51.0653 3408 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:21:51.0653 3408 cdfs - ok
18:21:52.0417 3408 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
18:21:52.0433 3408 cdrom - ok
18:21:53.0119 3408 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:21:53.0135 3408 circlass - ok
18:21:53.0447 3408 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:21:53.0447 3408 CLFS - ok
18:21:53.0806 3408 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:21:53.0806 3408 CmBatt - ok
18:21:54.0164 3408 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
18:21:54.0164 3408 cmdide - ok
18:21:54.0554 3408 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:21:54.0570 3408 CNG - ok
18:21:54.0960 3408 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:21:54.0960 3408 Compbatt - ok
18:21:55.0334 3408 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:21:55.0334 3408 CompositeBus - ok
18:21:55.0693 3408 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:21:55.0709 3408 crcdisk - ok
18:21:56.0114 3408 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
18:21:56.0130 3408 CSC - ok
18:21:56.0520 3408 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
18:21:56.0520 3408 DfsC - ok
18:21:56.0926 3408 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:21:56.0926 3408 discache - ok
18:21:57.0316 3408 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:21:57.0316 3408 Disk - ok
18:21:57.0737 3408 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:21:57.0737 3408 drmkaud - ok
18:21:58.0220 3408 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
18:21:58.0252 3408 DXGKrnl - ok
18:21:58.0798 3408 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:21:58.0876 3408 ebdrv - ok
18:21:59.0297 3408 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:21:59.0328 3408 elxstor - ok
18:21:59.0702 3408 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
18:21:59.0702 3408 ErrDev - ok
18:22:00.0092 3408 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:22:00.0092 3408 exfat - ok
18:22:00.0467 3408 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:22:00.0482 3408 fastfat - ok
18:22:00.0950 3408 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:22:00.0950 3408 fdc - ok
18:22:01.0808 3408 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:22:01.0808 3408 FileInfo - ok
18:22:02.0869 3408 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:22:02.0869 3408 Filetrace - ok
18:22:03.0696 3408 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:03.0696 3408 flpydisk - ok
18:22:04.0304 3408 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:22:04.0320 3408 FltMgr - ok
18:22:04.0694 3408 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:22:04.0694 3408 FsDepends - ok
18:22:05.0116 3408 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:05.0116 3408 Fs_Rec - ok
18:22:05.0521 3408 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
18:22:05.0552 3408 fvevol - ok
18:22:06.0161 3408 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:22:06.0192 3408 gagp30kx - ok
18:22:06.0566 3408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:22:06.0566 3408 GEARAspiWDM - ok
18:22:06.0941 3408 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
18:22:06.0956 3408 ggflt - ok
18:22:07.0331 3408 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
18:22:07.0331 3408 ggsemc - ok
18:22:07.0705 3408 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:22:07.0705 3408 hcw85cir - ok
18:22:08.0111 3408 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
18:22:08.0126 3408 HdAudAddService - ok
18:22:08.0532 3408 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:22:08.0532 3408 HDAudBus - ok
18:22:08.0860 3408 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:22:08.0860 3408 HidBatt - ok
18:22:09.0234 3408 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:22:09.0250 3408 HidBth - ok
18:22:09.0640 3408 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:22:09.0640 3408 HidIr - ok
18:22:10.0030 3408 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:10.0030 3408 HidUsb - ok
18:22:10.0420 3408 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:22:10.0420 3408 HpSAMD - ok
18:22:10.0841 3408 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
18:22:10.0872 3408 HTTP - ok
18:22:11.0262 3408 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
18:22:11.0262 3408 hwpolicy - ok
18:22:11.0636 3408 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
18:22:11.0636 3408 i8042prt - ok
18:22:12.0011 3408 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
18:22:12.0011 3408 iaStorV - ok
18:22:12.0229 3408 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVix86.sys
18:22:12.0245 3408 IDSVix86 - ok
18:22:12.0744 3408 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:22:12.0869 3408 igfx - ok
18:22:13.0243 3408 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:22:13.0243 3408 iirsp - ok
18:22:13.0618 3408 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
18:22:13.0633 3408 intelide - ok
18:22:13.0976 3408 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:13.0976 3408 intelppm - ok
18:22:14.0320 3408 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:14.0335 3408 IpFilterDriver - ok
18:22:14.0678 3408 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:22:14.0678 3408 IPMIDRV - ok
18:22:15.0068 3408 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:22:15.0068 3408 IPNAT - ok
18:22:15.0677 3408 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:22:15.0677 3408 IRENUM - ok
18:22:16.0301 3408 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
18:22:16.0301 3408 isapnp - ok
18:22:16.0706 3408 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
18:22:16.0722 3408 iScsiPrt - ok
18:22:17.0393 3408 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:22:17.0408 3408 kbdclass - ok
18:22:17.0845 3408 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
18:22:17.0861 3408 kbdhid - ok
18:22:18.0220 3408 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
18:22:18.0220 3408 KSecDD - ok
18:22:18.0578 3408 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:22:18.0594 3408 KSecPkg - ok
18:22:19.0015 3408 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:19.0015 3408 lltdio - ok
18:22:19.0405 3408 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:22:19.0405 3408 LSI_FC - ok
18:22:19.0780 3408 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:22:19.0780 3408 LSI_SAS - ok
18:22:20.0154 3408 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:22:20.0170 3408 LSI_SAS2 - ok
18:22:20.0669 3408 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:22:20.0684 3408 LSI_SCSI - ok
18:22:21.0230 3408 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:22:21.0246 3408 MBAMProtector - ok
18:22:21.0667 3408 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
18:22:21.0667 3408 MBAMSwissArmy - ok
18:22:22.0073 3408 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:22:22.0073 3408 megasas - ok
18:22:22.0463 3408 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:22:22.0478 3408 MegaSR - ok
18:22:22.0837 3408 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:22:22.0837 3408 Modem - ok
18:22:23.0212 3408 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:22:23.0212 3408 monitor - ok
18:22:23.0570 3408 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:22:23.0586 3408 mouclass - ok
18:22:23.0960 3408 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:23.0976 3408 mouhid - ok
18:22:24.0335 3408 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
18:22:24.0335 3408 mountmgr - ok
18:22:24.0740 3408 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
18:22:24.0740 3408 mpio - ok
18:22:25.0115 3408 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:22:25.0115 3408 mpsdrv - ok
18:22:25.0505 3408 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
18:22:25.0520 3408 MRxDAV - ok
18:22:25.0910 3408 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:25.0910 3408 mrxsmb - ok
18:22:26.0285 3408 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:26.0285 3408 mrxsmb10 - ok
18:22:26.0644 3408 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:26.0644 3408 mrxsmb20 - ok
18:22:27.0002 3408 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
18:22:27.0002 3408 msahci - ok
18:22:27.0377 3408 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
18:22:27.0377 3408 msdsm - ok
18:22:27.0767 3408 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:22:27.0767 3408 Msfs - ok
18:22:28.0141 3408 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:22:28.0141 3408 mshidkmdf - ok
18:22:28.0500 3408 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
18:22:28.0500 3408 msisadrv - ok
18:22:28.0890 3408 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:22:28.0890 3408 MSKSSRV - ok
18:22:29.0342 3408 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:29.0342 3408 MSPCLOCK - ok
18:22:29.0732 3408 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:22:29.0732 3408 MSPQM - ok
18:22:30.0107 3408 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:22:30.0107 3408 MsRPC - ok
18:22:30.0466 3408 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
18:22:30.0466 3408 mssmbios - ok
18:22:30.0840 3408 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:22:30.0840 3408 MSTEE - ok
18:22:31.0230 3408 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:22:31.0230 3408 MTConfig - ok
18:22:31.0620 3408 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:22:31.0620 3408 Mup - ok
18:22:32.0104 3408 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:22:32.0119 3408 NativeWifiP - ok
18:22:32.0384 3408 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS
18:22:32.0384 3408 NAVENG - ok
18:22:32.0494 3408 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS
18:22:32.0525 3408 NAVEX15 - ok
18:22:32.0930 3408 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
18:22:32.0977 3408 NDIS - ok
18:22:33.0352 3408 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:22:33.0352 3408 NdisCap - ok
18:22:33.0726 3408 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:33.0726 3408 NdisTapi - ok
18:22:34.0085 3408 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:34.0085 3408 Ndisuio - ok
18:22:34.0459 3408 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:34.0459 3408 NdisWan - ok
18:22:34.0818 3408 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
18:22:34.0818 3408 NDProxy - ok
18:22:35.0208 3408 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:22:35.0208 3408 NetBIOS - ok
18:22:35.0582 3408 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
18:22:35.0598 3408 NetBT - ok
18:22:35.0988 3408 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:22:35.0988 3408 nfrd960 - ok
18:22:36.0394 3408 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:22:36.0394 3408 Npfs - ok
18:22:36.0815 3408 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:22:36.0815 3408 nsiproxy - ok
18:22:37.0330 3408 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
18:22:37.0376 3408 Ntfs - ok
18:22:37.0735 3408 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:22:37.0735 3408 Null - ok
18:22:38.0094 3408 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
18:22:38.0094 3408 nvraid - ok
18:22:38.0484 3408 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
18:22:38.0484 3408 nvstor - ok
18:22:38.0858 3408 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
18:22:38.0858 3408 nv_agp - ok
18:22:39.0248 3408 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:22:39.0248 3408 ohci1394 - ok
18:22:39.0638 3408 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:22:39.0654 3408 Parport - ok
18:22:40.0013 3408 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
18:22:40.0013 3408 partmgr - ok
18:22:40.0418 3408 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:22:40.0434 3408 Parvdm - ok
18:22:40.0824 3408 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
18:22:40.0840 3408 pci - ok
18:22:41.0214 3408 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
18:22:41.0214 3408 pciide - ok
18:22:41.0588 3408 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:22:41.0604 3408 pcmcia - ok
18:22:41.0978 3408 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:22:41.0978 3408 pcw - ok
18:22:42.0431 3408 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:22:42.0478 3408 PEAUTH - ok
18:22:42.0899 3408 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:22:42.0899 3408 PptpMiniport - ok
18:22:43.0258 3408 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:22:43.0258 3408 Processor - ok
18:22:43.0663 3408 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:22:43.0663 3408 Psched - ok
18:22:44.0162 3408 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:22:44.0209 3408 ql2300 - ok
18:22:44.0568 3408 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:22:44.0568 3408 ql40xx - ok
18:22:44.0958 3408 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:22:44.0958 3408 QWAVEdrv - ok
18:22:45.0379 3408 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:22:45.0379 3408 RasAcd - ok
18:22:45.0754 3408 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:22:45.0754 3408 RasAgileVpn - ok
18:22:46.0128 3408 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:46.0128 3408 Rasl2tp - ok
18:22:46.0768 3408 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:46.0768 3408 RasPppoe - ok
18:22:47.0142 3408 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:22:47.0142 3408 RasSstp - ok
18:22:47.0548 3408 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
18:22:47.0563 3408 rdbss - ok
18:22:47.0938 3408 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:22:47.0938 3408 rdpbus - ok
18:22:48.0312 3408 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:48.0312 3408 RDPCDD - ok
18:22:48.0702 3408 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
18:22:48.0702 3408 RDPDR - ok
18:22:49.0076 3408 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:22:49.0076 3408 RDPENCDD - ok
18:22:49.0466 3408 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:22:49.0466 3408 RDPREFMP - ok
18:22:49.0825 3408 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
18:22:49.0825 3408 RDPWD - ok
18:22:50.0200 3408 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
18:22:50.0200 3408 rdyboost - ok
18:22:50.0558 3408 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
18:22:50.0574 3408 RFCOMM - ok
18:22:50.0933 3408 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:22:50.0933 3408 rspndr - ok
18:22:51.0276 3408 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
18:22:51.0276 3408 s3cap - ok
18:22:51.0635 3408 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
18:22:51.0635 3408 sbp2port - ok
18:22:52.0025 3408 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
18:22:52.0025 3408 scfilter - ok
18:22:52.0399 3408 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
18:22:52.0399 3408 sdbus - ok
18:22:52.0758 3408 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:22:52.0758 3408 secdrv - ok
18:22:53.0164 3408 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:22:53.0164 3408 Serenum - ok
18:22:53.0522 3408 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:22:53.0522 3408 Serial - ok
18:22:53.0897 3408 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:22:53.0897 3408 sermouse - ok
18:22:54.0287 3408 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:22:54.0287 3408 sffdisk - ok
18:22:54.0646 3408 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:22:54.0646 3408 sffp_mmc - ok
18:22:55.0036 3408 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:22:55.0036 3408 sffp_sd - ok
18:22:55.0394 3408 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:55.0394 3408 sfloppy - ok
18:22:55.0816 3408 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
18:22:55.0816 3408 sisagp - ok
18:22:56.0190 3408 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:22:56.0190 3408 SiSRaid2 - ok
18:22:56.0564 3408 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:22:56.0564 3408 SiSRaid4 - ok
18:22:56.0939 3408 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:22:56.0939 3408 Smb - ok
18:22:57.0344 3408 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:22:57.0344 3408 spldr - ok
18:22:57.0844 3408 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS
18:22:57.0844 3408 SRTSP - ok
18:22:58.0265 3408 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS
18:22:58.0265 3408 SRTSPX - ok
18:22:58.0639 3408 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
18:22:58.0655 3408 srv - ok
18:22:59.0045 3408 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
18:22:59.0076 3408 srv2 - ok
18:22:59.0482 3408 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:22:59.0482 3408 SrvHsfHDA - ok
18:22:59.0872 3408 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:22:59.0903 3408 SrvHsfV92 - ok
18:23:00.0308 3408 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:23:00.0340 3408 SrvHsfWinac - ok
18:23:00.0698 3408 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
18:23:00.0698 3408 srvnet - ok
18:23:01.0073 3408 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:23:01.0073 3408 stexstor - ok
18:23:01.0447 3408 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:23:01.0447 3408 storflt - ok
18:23:01.0837 3408 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
18:23:01.0837 3408 storvsc - ok
18:23:02.0196 3408 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:23:02.0196 3408 swenum - ok
18:23:02.0664 3408 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS
18:23:02.0680 3408 SymDS - ok
18:23:03.0116 3408 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS
18:23:03.0132 3408 SymEFA - ok
18:23:03.0506 3408 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
18:23:03.0506 3408 SymEvent - ok
18:23:03.0959 3408 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS
18:23:03.0959 3408 SymIRON - ok
18:23:04.0380 3408 SymNetS (d4636a051890a92d1c8c2d9e7a5c8381) C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS
18:23:04.0380 3408 SymNetS - ok
18:23:04.0801 3408 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
18:23:04.0832 3408 Tcpip - ok
18:23:05.0222 3408 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
18:23:05.0238 3408 TCPIP6 - ok
18:23:05.0628 3408 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
18:23:05.0628 3408 tcpipreg - ok
18:23:05.0971 3408 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
18:23:05.0987 3408 TDPIPE - ok
18:23:06.0299 3408 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
18:23:06.0299 3408 TDTCP - ok
18:23:06.0658 3408 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
18:23:06.0658 3408 tdx - ok
18:23:07.0032 3408 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:23:07.0032 3408 TermDD - ok
18:23:07.0453 3408 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:07.0453 3408 tssecsrv - ok
18:23:07.0718 3408 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
18:23:07.0718 3408 TuneUpUtilitiesDrv - ok
18:23:08.0077 3408 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:23:08.0077 3408 tunnel - ok
18:23:08.0452 3408 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:23:08.0452 3408 uagp35 - ok
18:23:08.0842 3408 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:23:08.0842 3408 udfs - ok
18:23:09.0247 3408 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:23:09.0247 3408 uliagpkx - ok
18:23:09.0606 3408 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:23:09.0606 3408 umbus - ok
18:23:09.0965 3408 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:23:09.0965 3408 UmPass - ok
18:23:10.0355 3408 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:23:10.0355 3408 USBAAPL - ok
18:23:10.0714 3408 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:10.0714 3408 usbccgp - ok
18:23:11.0057 3408 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:23:11.0057 3408 usbcir - ok
18:23:11.0447 3408 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
18:23:11.0447 3408 usbehci - ok
18:23:11.0852 3408 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
18:23:11.0868 3408 usbhub - ok
18:23:12.0242 3408 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
18:23:12.0242 3408 usbohci - ok
18:23:12.0601 3408 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:23:12.0601 3408 usbprint - ok
18:23:12.0976 3408 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:12.0991 3408 USBSTOR - ok
18:23:13.0366 3408 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
18:23:13.0381 3408 usbuhci - ok
18:23:13.0787 3408 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
18:23:13.0787 3408 VClone - ok
18:23:14.0146 3408 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:23:14.0161 3408 vdrvroot - ok
18:23:14.0551 3408 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:14.0551 3408 vga - ok
18:23:14.0926 3408 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:23:14.0926 3408 VgaSave - ok
18:23:15.0300 3408 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:23:15.0316 3408 vhdmp - ok
18:23:15.0690 3408 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:23:15.0690 3408 viaagp - ok
18:23:16.0064 3408 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:23:16.0064 3408 ViaC7 - ok
18:23:16.0423 3408 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:23:16.0423 3408 viaide - ok
18:23:16.0813 3408 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
18:23:16.0829 3408 vmbus - ok
18:23:17.0203 3408 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:23:17.0203 3408 VMBusHID - ok
18:23:17.0562 3408 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:23:17.0562 3408 volmgr - ok
18:23:17.0968 3408 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:23:17.0983 3408 volmgrx - ok
18:23:18.0358 3408 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:23:18.0373 3408 volsnap - ok
18:23:18.0732 3408 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:23:18.0732 3408 vsmraid - ok
18:23:19.0106 3408 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:23:19.0106 3408 vwifibus - ok
18:23:19.0496 3408 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:23:19.0496 3408 vwififlt - ok
18:23:19.0886 3408 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
18:23:19.0886 3408 vwifimp - ok
18:23:20.0276 3408 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:23:20.0276 3408 WacomPen - ok
18:23:20.0635 3408 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:20.0635 3408 WANARP - ok
18:23:20.0651 3408 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:20.0651 3408 Wanarpv6 - ok
18:23:21.0025 3408 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:23:21.0025 3408 Wd - ok
18:23:21.0447 3408 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:23:21.0478 3408 Wdf01000 - ok
18:23:21.0852 3408 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:23:21.0868 3408 WfpLwf - ok
18:23:22.0242 3408 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:23:22.0242 3408 WIMMount - ok
18:23:22.0663 3408 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:23:22.0663 3408 WinUsb - ok
18:23:23.0100 3408 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:23:23.0116 3408 WmiAcpi - ok
18:23:23.0490 3408 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:23.0506 3408 ws2ifsl - ok
18:23:23.0865 3408 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:23:23.0865 3408 WudfPf - ok
18:23:24.0239 3408 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:24.0255 3408 WUDFRd - ok
18:23:24.0333 3408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:23:24.0504 3408 \Device\Harddisk0\DR0 - ok
18:23:24.0520 3408 Boot (0x1200) (d9309ba9da18506827077a43b40cdaeb) \Device\Harddisk0\DR0\Partition0
18:23:24.0520 3408 \Device\Harddisk0\DR0\Partition0 - ok
18:23:24.0567 3408 Boot (0x1200) (e607270cd54bb73414cb04ed59578b2e) \Device\Harddisk0\DR0\Partition1
18:23:24.0567 3408 \Device\Harddisk0\DR0\Partition1 - ok
18:23:24.0567 3408 Boot (0x1200) (2ca966281e8767d6ba71212b76470b5f) \Device\Harddisk0\DR0\Partition2
18:23:24.0567 3408 \Device\Harddisk0\DR0\Partition2 - ok
18:23:24.0598 3408 Boot (0x1200) (318536f777627ce692442de47272d540) \Device\Harddisk0\DR0\Partition3
18:23:24.0598 3408 \Device\Harddisk0\DR0\Partition3 - ok
18:23:24.0613 3408 ============================================================
18:23:24.0613 3408 Scan finished
18:23:24.0613 3408 ============================================================
18:23:24.0629 1080 Detected object count: 0
18:23:24.0629 1080 Actual detected object count: 0
18:25:20.0163 2712 Deinitialize success

Chris4You · 02.01.2012, 19:16

Hi,

nix zu sehen...

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

chris

DanyRibi · 04.01.2012, 12:57

Hallo!
Hier der Bericht vom GMER

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-04 13:16:29
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: 78mci2i0.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldypog.sys


---- System - GMER 1.0.15 ----

SSDT            858B6C10                                                                                         ZwAlertResumeThread
SSDT            858B6CF0                                                                                         ZwAlertThread
SSDT            858ED9F0                                                                                         ZwAllocateVirtualMemory
SSDT            8587B048                                                                                         ZwAlpcConnectPort
SSDT            858B63B8                                                                                         ZwAssignProcessToJobObject
SSDT            858B6960                                                                                         ZwCreateMutant
SSDT            858B60D8                                                                                         ZwCreateSymbolicLinkObject
SSDT            859F2B20                                                                                         ZwCreateThread
SSDT            858B61C8                                                                                         ZwCreateThreadEx
SSDT            858B6498                                                                                         ZwDebugActiveProcess
SSDT            858EDBA0                                                                                         ZwDuplicateObject
SSDT            858ED810                                                                                         ZwFreeVirtualMemory
SSDT            858B6A50                                                                                         ZwImpersonateAnonymousToken
SSDT            858B6B30                                                                                         ZwImpersonateThread
SSDT            855E0ED0                                                                                         ZwLoadDriver
SSDT            858ED710                                                                                         ZwMapViewOfSection
SSDT            858B6880                                                                                         ZwOpenEvent
SSDT            859F2A08                                                                                         ZwOpenProcess
SSDT            858EDAE0                                                                                         ZwOpenProcessToken
SSDT            858B66C0                                                                                         ZwOpenSection
SSDT            859F2938                                                                                         ZwOpenThread
SSDT            858B62C8                                                                                         ZwProtectVirtualMemory
SSDT            858B6DD0                                                                                         ZwResumeThread
SSDT            858ED460                                                                                         ZwSetContextThread
SSDT            858ED540                                                                                         ZwSetInformationProcess
SSDT            858B6578                                                                                         ZwSetSystemInformation
SSDT            858B67A0                                                                                         ZwSuspendProcess
SSDT            858B6EB0                                                                                         ZwSuspendThread
SSDT            859F2C00                                                                                         ZwTerminateProcess
SSDT            858B6F90                                                                                         ZwTerminateThread
SSDT            858ED630                                                                                         ZwUnmapViewOfSection
SSDT            858ED900                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                  82C84579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82CA8F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 224                                                              82CB0724 8 Bytes  [10, 6C, 8B, 85, F0, 6C, 8B, ...]
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                              82CB073C 4 Bytes  [F0, D9, 8E, 85]
.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                              82CB0748 4 Bytes  [48, B0, 87, 85]
.text           ntkrnlpa.exe!RtlSidHashLookup + 29C                                                              82CB079C 4 Bytes  [B8, 63, 8B, 85]
.text           ntkrnlpa.exe!RtlSidHashLookup + 318                                                              82CB0818 4 Bytes  [60, 69, 8B, 85]
.text           ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004f                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21488e                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21488e@402ba1eeee7a         0xEB 0xE6 0x4E 0x73 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21488e (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21488e@402ba1eeee7a             0xEB 0xE6 0x4E 0x73 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\$NtUninstallKB1455$\1889241803                                                        0 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\@                                                      2048 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\L                                                      0 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\L\xadqgnnk                                             74240 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\loader.tlb                                             2632 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U                                                      0 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@00000001                                            45968 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000c0                                            3072 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cb                                            3072 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cf                                            1536 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@80000000                                            26112 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000c0                                            32768 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cb                                            24064 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cf                                            31744 bytes
File            C:\Windows\$NtUninstallKB1455$\1904035700                                                        0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

Chris4You · 05.01.2012, 10:45

Hi,

Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe

Doppelklick auf die SystemLook.exe, um das Tool zu starten.

Vista-User/Win7 mit Rechtsklick und als Administrator starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:dir
C:\Windows\$NtUninstallKB1455$ /s

Klicke nun auf den Button Look, um den Scan zu starten.

Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Starte bitte die OTL.exe

Vista/Win7-User mit Rechtsklick "als Administrator starten"

Kopiere nun den Inhalt in die Textbox

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
winlogon.exe
userinit.exe
WS2_32.dll
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)

Klicke nun bitte auf den Quick Scan Button

Klick auf OK

Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

chris

DanyRibi · 05.01.2012, 14:22

Hallo!

Hier die Ergebnisse vom SystemLook

DanyRibi

DanyRibi · 05.01.2012, 15:02

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.01.2012 14:47:11 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 395,27 Mb Available Physical Memory | 41,48% Memory free
1,93 Gb Paging File | 1,15 Gb Available in Paging File | 59,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 27,76 Gb Free Space | 51,78% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,22 Gb Free Space | 35,27% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,23 Gb Free Space | 88,67% Space Free | Partition Type: NTFS
Drive F: | 332,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 5,69 Gb Total Space | 5,28 Gb Free Space | 92,83% Space Free | Partition Type: FAT32
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll ()
MOD - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\APPLIC~1\160912~1.63\gcswf32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.12.29 15:06:58 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.21 23:03:36 | 000,000,033 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.12.29 11:07:02 | 000,012,320 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{67f9b365-19b2-11e1-8f52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67f9b365-19b2-11e1-8f52-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe -- [2011.03.11 00:20:00 | 000,853,992 | R--- | M] (Seiko Epson Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: AppInfo -  File not found
 
 
SafeBootMin: 33610407.sys - Driver
SafeBootMin: AppInfo - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: 33610407.sys - Driver
SafeBootNet: AppInfo - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\setup50.exe" /APP:OE /CALLER:IE50 /user /install
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.05 14:46:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.01.05 13:08:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8969EC72-091A-4305-878D-200786654B7A}
[2012.01.05 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8E11CB6-50E8-4EFB-8062-E4622F06700E}
[2012.01.05 01:00:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9DAD6BF2-7548-45FA-8638-51BA8257BB7D}
[2012.01.05 01:00:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{50919A37-85BB-4D37-AB9E-1A1148D9CDAD}
[2012.01.04 11:56:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1A31310D-7225-46FD-A8F0-3257735B9D9A}
[2012.01.04 11:55:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0E7CF5DC-A07C-473C-86B0-6BEC76A5D7CA}
[2012.01.03 12:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Epson
[2012.01.03 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ABBYY
[2012.01.03 12:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0 Sprint
[2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2012.01.03 12:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.01.03 12:17:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2012.01.03 12:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.01.03 12:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012.01.03 12:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.01.03 12:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.01.03 12:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.01.03 12:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.01.03 11:57:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F04A8962-0CB2-42D8-8FFB-54F5191DBEBE}
[2012.01.03 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{207302E0-CA97-48B6-AF27-FA069C0264DC}
[2012.01.02 18:19:47 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.01.02 15:44:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2012.01.02 15:40:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.01.02 14:57:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A6E7FA4F-B9BC-4F4F-AA06-B9E1A250E4CC}
[2012.01.02 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BF98FF71-B7E6-4B56-8810-6894E17F532E}
[2012.01.01 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{639320BD-DFF2-44A7-88E5-61B923D2D3BC}
[2012.01.01 13:15:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E3E17551-5555-4C18-A009-0172A3E71FC5}
[2012.01.01 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F5DEE3EE-3A77-4069-8872-A0516733D4C8}
[2012.01.01 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{171A2393-E16D-42EC-A59A-67D8E2791DDF}
[2011.12.31 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.31 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7543530A-3BF2-4D40-B2F2-D5CFEF87FC47}
[2011.12.31 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E670B477-4E8D-4708-860C-BB15747133BB}
[2011.12.29 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.29 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D6DF5517-0866-46C0-B035-0E23E581F263}
[2011.12.29 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FFDEF2E-28F7-4570-9A3F-D901AE7592ED}
[2011.12.28 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 22:15:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.05 14:19:46 | 000,268,592 | ---- | M] () -- C:\Users\Administrator\Desktop\SystemLook.zip
[2012.01.05 13:28:30 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.05 13:28:30 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.05 13:28:30 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.05 13:28:30 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.05 13:23:39 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 13:23:39 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 13:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 13:16:00 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 02:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012.01.03 12:17:57 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2012.01.03 12:16:19 | 000,894,558 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2012.01.02 18:21:33 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2012.01.02 15:41:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.29 16:00:43 | 189,948,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 15:06:58 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.28 19:43:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
 
========== Files Created - No Company Name ==========
 
[2012.01.05 14:19:45 | 000,268,592 | ---- | C] () -- C:\Users\Administrator\Desktop\SystemLook.zip
[2012.01.05 02:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.01.03 12:17:44 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,894,558 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2012.01.02 15:44:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2012.01.03 12:47:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
[2011.11.28 12:33:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit
[2011.12.18 21:11:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.11.28 12:34:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2011.12.19 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.10 14:09:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.19 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.25 23:47:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.11.28 18:11:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2011.11.28 16:59:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2011.12.07 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2009.07.14 05:53:46 | 000,001,888 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.02 18:21:33 | 000,000,248 | ---- | M] () -- C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2_32.DLL  >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< c:\windows\system32\*.dll /lockedfiles >
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2012.01.03 12:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 9.0 Sprint
[2011.12.09 20:15:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011.11.28 17:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011.12.29 11:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011.11.28 19:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011.12.04 21:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011.11.28 15:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\ClearProg
[2012.01.03 12:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011.11.28 15:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011.12.19 12:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Counter-Strike 1.6
[2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011.12.14 22:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2012.01.03 12:17:09 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2012.01.03 12:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2011.12.31 18:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011.11.28 19:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\Firebird
[2011.11.28 13:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2011.11.28 12:22:11 | 000,000,000 | -HSD | M] -- C:\Program Files\Gemeinsame Dateien
[2011.12.18 20:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2012.01.03 12:18:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011.12.18 02:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011.12.28 18:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011.11.28 12:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011.12.28 18:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011.12.05 21:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011.12.10 14:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\MAGIX
[2011.12.28 23:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.13 16:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 10
[2009.07.14 09:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011.11.28 13:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011.11.29 14:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011.11.28 13:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011.11.28 13:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011.11.28 13:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011.11.28 19:20:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mp3tag
[2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011.11.28 13:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010.03.31 18:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\NFOPad
[2011.12.25 23:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2011.12.25 23:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010.03.31 18:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\olsystems CPL Pack
[2011.11.28 17:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011.12.18 20:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2011.11.28 19:19:58 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltrePortable
[2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011.11.28 19:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\simfy VZ edition
[2011.12.18 16:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Songr
[2011.12.19 21:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2011.11.28 19:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\SpacialAudio
[2011.12.25 23:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011.11.28 19:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011.11.28 19:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2011.12.04 21:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2010
[2011.11.28 17:15:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011.12.19 22:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2011.12.07 21:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\vShare.tv plugin
[2011.12.07 21:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\VshareComplete
[2011.12.18 20:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011.11.28 20:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011.11.28 12:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009.07.14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011.12.22 18:03:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2011.11.28 15:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\xp-AntiSpy
[2011.12.19 11:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\XYLIO
[2011.11.28 12:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\Z-Zip
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB1455$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

--- --- ---

es ist kein Extra.txt gekommen..!

Chris4You · 06.01.2012, 10:34

hi,

über ein Microsoft FixPack KB1455 ist mir nichts bekannt, da ist was faul... auch GMER zeigt Verlinkungen dahin...

Bevor ich das per Hand entsorge, schauen wir mal was ComboFix dazu sagt:

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

chris

DanyRibi · 07.01.2012, 21:03

Combofix hat nicht funktioniert.
Ich habe mein Virenprogramm gelöscht und es nochmals drauf gespielt und jetzt ist alles ok.
DANKE DAFÜR!

jetzt aber noch eine weitere Frage. Seit heute hab ich das Problem, dass kein Desktophintergrund angezeigt wird, genauso wenig wie die Miniaturansichten von Programmen und Bildern..
Das sieht dann so aus (siehe Bilder)
Kannst du mir da weiter helfen?

"Mediashifting.com" Virus

Plagegeister aller Art und deren Bekämpfung: "Mediashifting.com" Virus