"Mediashifting.com" Virus

DanyRibi · 28.12.2011, 18:53

Hallo!

Ich habe ein Problem mit meinem Laptop.
Immer wenn ich in Google etwas suche und dann auf den Link drücke, werde ich durch "www.mediashifting.com" auf verschiedene Seiten weitergeleitet.
Seit neustem kommt jetzt auch der Link "www.95p.com"

Wie kann ich den Virus beheben?
Da ich eine große Laie bin bitte ich euch mir alles Schritt für Schritt zu schildern was ich machen soll.
Danke im Vorraus

Chris4You · 28.12.2011, 18:55

Hi,

OTL
OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

chris

DanyRibi · 28.12.2011, 19:54

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.12.2011 20:03:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 43,18% Memory free
1,93 Gb Paging File | 1,36 Gb Available in Paging File | 70,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,68 Gb Free Space | 53,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,31 Gb Free Space | 35,44% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Programme\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (tdx) -- C:\Windows\System32\drivers\tdx.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.11.28 13:36:02 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 18:27:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 22:39:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:05 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2011.12.19 11:16:05 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:35:10 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 03:03:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
[2011.12.06 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2B1F679-50D7-445C-9578-3B5E7AD63807}
[2011.12.06 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F495AC1-C1D4-4EEB-9787-D81E264494E7}
[2011.12.05 21:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.05 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.05 21:44:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.05 21:44:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.05 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A2F23C0-AFEF-4AEB-8881-0E7DC16E6140}
[2011.12.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E089A1A0-B25F-49A8-A8F8-C16F9C06DCEA}
[2011.12.04 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{15ED8E3F-517F-48FB-95F0-6D960EC85015}
[2011.12.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BB7597B2-858A-44DD-A98A-965C3D38C0C2}
[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}
[2011.12.03 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5389BE28-FACF-4142-B2AC-A1EE2D65BE42}
[2011.12.02 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C637353A-B56B-4A7F-BFDD-B8EFE4D5BDCC}
[2011.12.02 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{25A4F810-84C3-4DCD-9B21-EFDC53E26ADD}
[2011.12.02 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C93DE1B5-D585-4E35-A141-C222DEC630BE}
[2011.12.02 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F7D8078A-BCD1-4211-80CD-567BB113EAB9}
[2011.12.01 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{070B127A-96EF-4F2B-9A81-92BDDD4CC584}
[2011.12.01 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{52C31749-4BE9-43A1-8C6C-D339359FDCBE}
[2011.12.01 07:41:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{499F222A-AA6A-44A2-8EAE-B4DD012EC01B}
[2011.12.01 07:41:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A993F94E-AF14-46CD-8ACD-E77747B8337C}
[2011.12.01 07:40:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8CDFA72-8B35-475F-9B3A-722ABF4B3345}
[2011.11.30 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58770A29-F6FA-4901-9B3E-9E44FFA32B0A}
[2011.11.30 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1E312B3-2EF2-473B-99CE-828567F633E1}
[2011.11.30 07:19:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{839BA023-EB82-49A9-9FD5-F5F4673225C2}
[2011.11.29 14:51:59 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.29 14:17:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{65BD232A-781A-4D3D-92D7-6DF832361BEF}
[2011.11.29 14:16:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7FDC2215-D876-4950-86D1-7CFB14DFF7D1}
[2011.11.28 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B6A9BBE-26FE-4349-B724-217F576EDCF5}
[2011.11.28 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{98D9582E-13A6-4AD5-8652-20588D06FC7E}
[2011.11.28 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Tracing
[2011.11.28 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2011.11.28 20:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2011.11.28 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011.11.28 20:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.11.28 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2011.11.28 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.28 19:10:35 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 19:10:35 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 19:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 19:03:12 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.28 15:37:14 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.28 15:37:14 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 15:37:14 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.28 15:37:14 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.25 23:47:51 | 000,890,854 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 18:45:05 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.18 03:03:48 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:48 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 22:45:59 | 175,148,793 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
[2011.12.04 21:48:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.11.30 21:16:22 | 000,065,040 | ---- | M] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.29 17:30:25 | 000,000,355 | ---- | M] () -- C:\Users\Administrator\Desktop\Computer.lnk
[2011.11.29 16:45:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.11.29 14:51:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.28 20:52:34 | 000,001,964 | ---- | M] () -- C:\Users\Administrator\Desktop\SAM Broadcaster.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,890,854 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.04 21:50:59 | 000,002,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.12.04 21:12:04 | 175,148,793 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.30 21:13:13 | 000,065,040 | ---- | C] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.29 17:30:25 | 000,000,355 | ---- | C] () -- C:\Users\Administrator\Desktop\Computer.lnk
[2011.11.29 16:45:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.11.28 20:52:34 | 000,001,964 | ---- | C] () -- C:\Users\Administrator\Desktop\SAM Broadcaster.lnk
[2011.11.28 20:51:49 | 000,001,408 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.11.28 20:50:24 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:12:11 | 000,074,240 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation

< End of report >

--- --- ---

Hier der OTL.txt

DanyRibi · 28.12.2011, 19:56

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.12.2011 20:03:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 43,18% Memory free
1,93 Gb Paging File | 1,36 Gb Available in Paging File | 70,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,68 Gb Free Space | 53,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,31 Gb Free Space | 35,44% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 557251
 
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 557251
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 565846
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 565846
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 573288
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 573288
 
Error - 28.12.2011 14:03:47 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
[ System Events ]
Error - 28.12.2011 13:10:52 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 28.12.2011 13:29:49 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.12.2011 14:03:37 | Computer Name = FiFu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?12.?2011 um 18:51:27 unerwartet heruntergefahren.
 
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 iPod-Dienst erreicht.
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 MBAMService erreicht.
 
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
 
< End of report >

--- --- ---

Hier der Extras.txt

Chris4You · 28.12.2011, 20:13

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\System32\drivers\tdx.sys 
C:\Windows\unins000.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

[list]Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = dword:0x00
"InternetSettingsDisableNotify" = dword:0x00
"AutoUpdateDisableNotify" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

MBCHeck und MAM-Log noch...

chris

DanyRibi · 28.12.2011, 20:58

Zitat:

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
hxxp://mbam.malwarebytes.org/program...-installer.php
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

MBR-Check
Lade Dir hxxp://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

chris

soll ich diese Punkte trotzdem noch durchführen?

DanyRibi · 28.12.2011, 23:46

ok. hab's gemacht. du bekommst gleich die .log-Datei

DanyRibi · 28.12.2011, 23:54

hier ist die .log-Datei vom TDSS Killer

[SPOILER]23:43:45.0089 1944 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:43:45.0323 1944 ============================================================
23:43:45.0323 1944 Current date / time: 2011/12/28 23:43:45.0323
23:43:45.0323 1944 SystemInfo:
23:43:45.0323 1944
23:43:45.0323 1944 OS Version: 6.1.7600 ServicePack: 0.0
23:43:45.0323 1944 Product type: Workstation
23:43:45.0323 1944 ComputerName: FIFU-PC
23:43:45.0323 1944 UserName: Administrator
23:43:45.0323 1944 Windows directory: C:\Windows
23:43:45.0323 1944 System windows directory: C:\Windows
23:43:45.0323 1944 Processor architecture: Intel x86
23:43:45.0323 1944 Number of processors: 1
23:43:45.0323 1944 Page size: 0x1000
23:43:45.0323 1944 Boot type: Normal boot
23:43:45.0323 1944 ============================================================
23:43:46.0914 1944 Initialize success
23:43:58.0598 3056 ============================================================
23:43:58.0598 3056 Scan started
23:43:58.0598 3056 Mode: Manual;
23:43:58.0598 3056 ============================================================
23:44:00.0501 3056 .tdx - ok
23:44:00.0876 3056 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:44:00.0876 3056 1394ohci - ok
23:44:01.0235 3056 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
23:44:01.0250 3056 ACPI - ok
23:44:01.0609 3056 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
23:44:01.0609 3056 AcpiPmi - ok
23:44:02.0046 3056 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:44:02.0077 3056 adp94xx - ok
23:44:02.0451 3056 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:44:02.0451 3056 adpahci - ok
23:44:02.0826 3056 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:44:02.0826 3056 adpu320 - ok
23:44:03.0247 3056 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
23:44:03.0278 3056 AFD - ok
23:44:03.0637 3056 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
23:44:03.0637 3056 agp440 - ok
23:44:03.0996 3056 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:44:03.0996 3056 aic78xx - ok
23:44:04.0386 3056 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
23:44:04.0386 3056 aliide - ok
23:44:04.0776 3056 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
23:44:04.0776 3056 amdagp - ok
23:44:05.0181 3056 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
23:44:05.0181 3056 amdide - ok
23:44:05.0556 3056 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:44:05.0556 3056 AmdK8 - ok
23:44:05.0930 3056 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:44:05.0930 3056 AmdPPM - ok
23:44:06.0554 3056 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
23:44:06.0554 3056 amdsata - ok
23:44:06.0913 3056 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:44:06.0913 3056 amdsbs - ok
23:44:07.0272 3056 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
23:44:07.0272 3056 amdxata - ok
23:44:07.0631 3056 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
23:44:07.0631 3056 AppID - ok
23:44:08.0036 3056 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:44:08.0036 3056 arc - ok
23:44:08.0426 3056 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:44:08.0426 3056 arcsas - ok
23:44:08.0816 3056 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:44:08.0816 3056 AsyncMac - ok
23:44:09.0206 3056 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
23:44:09.0206 3056 atapi - ok
23:44:09.0674 3056 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
23:44:09.0705 3056 athr - ok
23:44:10.0127 3056 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:44:10.0127 3056 b06bdrv - ok
23:44:10.0532 3056 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:44:10.0532 3056 b57nd60x - ok
23:44:10.0797 3056 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
23:44:10.0829 3056 BHDrvx86 - ok
23:44:11.0187 3056 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:44:11.0187 3056 blbdrive - ok
23:44:11.0593 3056 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
23:44:11.0593 3056 bowser - ok
23:44:11.0967 3056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:44:11.0967 3056 BrFiltLo - ok
23:44:12.0311 3056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:44:12.0326 3056 BrFiltUp - ok
23:44:12.0732 3056 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:44:12.0732 3056 Brserid - ok
23:44:13.0122 3056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:44:13.0122 3056 BrSerWdm - ok
23:44:13.0496 3056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:44:13.0496 3056 BrUsbMdm - ok
23:44:13.0839 3056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:44:13.0839 3056 BrUsbSer - ok
23:44:14.0245 3056 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
23:44:14.0245 3056 BthEnum - ok
23:44:14.0619 3056 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:44:14.0619 3056 BTHMODEM - ok
23:44:14.0994 3056 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
23:44:14.0994 3056 BthPan - ok
23:44:15.0415 3056 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
23:44:15.0431 3056 BTHPORT - ok
23:44:15.0805 3056 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
23:44:15.0805 3056 BTHUSB - ok
23:44:16.0195 3056 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:44:16.0195 3056 cdfs - ok
23:44:16.0569 3056 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
23:44:16.0569 3056 cdrom - ok
23:44:16.0944 3056 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:44:16.0944 3056 circlass - ok
23:44:17.0225 3056 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:44:17.0225 3056 CLFS - ok
23:44:17.0583 3056 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:44:17.0583 3056 CmBatt - ok
23:44:17.0958 3056 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
23:44:17.0958 3056 cmdide - ok
23:44:18.0317 3056 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
23:44:18.0332 3056 CNG - ok
23:44:18.0707 3056 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:44:18.0707 3056 Compbatt - ok
23:44:19.0050 3056 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:44:19.0065 3056 CompositeBus - ok
23:44:19.0455 3056 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:44:19.0455 3056 crcdisk - ok
23:44:19.0877 3056 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
23:44:19.0908 3056 CSC - ok
23:44:20.0298 3056 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
23:44:20.0298 3056 DfsC - ok
23:44:20.0735 3056 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:44:20.0735 3056 discache - ok
23:44:21.0125 3056 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:44:21.0125 3056 Disk - ok
23:44:21.0530 3056 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:44:21.0530 3056 drmkaud - ok
23:44:21.0951 3056 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
23:44:21.0983 3056 DXGKrnl - ok
23:44:22.0419 3056 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:44:22.0513 3056 ebdrv - ok
23:44:22.0934 3056 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:44:22.0965 3056 elxstor - ok
23:44:23.0340 3056 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
23:44:23.0340 3056 ErrDev - ok
23:44:23.0730 3056 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:44:23.0730 3056 exfat - ok
23:44:24.0104 3056 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:44:24.0104 3056 fastfat - ok
23:44:24.0479 3056 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:44:24.0479 3056 fdc - ok
23:44:24.0869 3056 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:44:24.0884 3056 FileInfo - ok
23:44:25.0259 3056 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:44:25.0259 3056 Filetrace - ok
23:44:25.0649 3056 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:44:25.0649 3056 flpydisk - ok
23:44:26.0054 3056 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:44:26.0070 3056 FltMgr - ok
23:44:26.0460 3056 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:44:26.0460 3056 FsDepends - ok
23:44:26.0865 3056 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:44:26.0865 3056 Fs_Rec - ok
23:44:27.0271 3056 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
23:44:27.0271 3056 fvevol - ok
23:44:27.0630 3056 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:44:27.0630 3056 gagp30kx - ok
23:44:28.0035 3056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:44:28.0035 3056 GEARAspiWDM - ok
23:44:28.0457 3056 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
23:44:28.0457 3056 ggflt - ok
23:44:28.0831 3056 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
23:44:28.0831 3056 ggsemc - ok
23:44:29.0221 3056 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:44:29.0221 3056 hcw85cir - ok
23:44:29.0611 3056 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:44:29.0642 3056 HdAudAddService - ok
23:44:30.0032 3056 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:44:30.0048 3056 HDAudBus - ok
23:44:30.0423 3056 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:44:30.0423 3056 HidBatt - ok
23:44:30.0860 3056 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:44:30.0860 3056 HidBth - ok
23:44:31.0250 3056 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:44:31.0250 3056 HidIr - ok
23:44:31.0624 3056 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:44:31.0624 3056 HidUsb - ok
23:44:32.0014 3056 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:44:32.0014 3056 HpSAMD - ok
23:44:32.0436 3056 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:44:32.0482 3056 HTTP - ok
23:44:32.0857 3056 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:44:32.0857 3056 hwpolicy - ok
23:44:33.0231 3056 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:44:33.0231 3056 i8042prt - ok
23:44:33.0652 3056 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
23:44:33.0668 3056 iaStorV - ok
23:44:33.0902 3056 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVix86.sys
23:44:33.0902 3056 IDSVix86 - ok
23:44:34.0417 3056 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:44:34.0526 3056 igfx - ok
23:44:34.0900 3056 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:44:34.0900 3056 iirsp - ok
23:44:35.0259 3056 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:44:35.0259 3056 intelide - ok
23:44:35.0634 3056 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:44:35.0634 3056 intelppm - ok
23:44:36.0024 3056 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:44:36.0024 3056 IpFilterDriver - ok
23:44:36.0367 3056 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:44:36.0382 3056 IPMIDRV - ok
23:44:36.0741 3056 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:44:36.0741 3056 IPNAT - ok
23:44:37.0131 3056 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:44:37.0147 3056 IRENUM - ok
23:44:37.0521 3056 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:44:37.0521 3056 isapnp - ok
23:44:37.0911 3056 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:44:37.0927 3056 iScsiPrt - ok
23:44:38.0301 3056 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:44:38.0317 3056 kbdclass - ok
23:44:38.0676 3056 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
23:44:38.0676 3056 kbdhid - ok
23:44:39.0066 3056 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
23:44:39.0066 3056 KSecDD - ok
23:44:39.0424 3056 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
23:44:39.0440 3056 KSecPkg - ok
23:44:39.0846 3056 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:44:39.0846 3056 lltdio - ok
23:44:40.0251 3056 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:44:40.0267 3056 LSI_FC - ok
23:44:40.0641 3056 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:44:40.0641 3056 LSI_SAS - ok
23:44:41.0031 3056 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:44:41.0031 3056 LSI_SAS2 - ok
23:44:41.0406 3056 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:44:41.0406 3056 LSI_SCSI - ok
23:44:41.0983 3056 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
23:44:42.0030 3056 MBAMProtector - ok
23:44:42.0435 3056 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:44:42.0435 3056 megasas - ok
23:44:42.0825 3056 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:44:42.0825 3056 MegaSR - ok
23:44:43.0215 3056 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:44:43.0215 3056 Modem - ok
23:44:43.0590 3056 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:44:43.0590 3056 monitor - ok
23:44:43.0948 3056 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:44:43.0948 3056 mouclass - ok
23:44:44.0338 3056 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:44:44.0338 3056 mouhid - ok
23:44:44.0697 3056 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
23:44:44.0713 3056 mountmgr - ok
23:44:45.0072 3056 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
23:44:45.0072 3056 mpio - ok
23:44:45.0430 3056 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:44:45.0430 3056 mpsdrv - ok
23:44:45.0867 3056 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
23:44:45.0867 3056 MRxDAV - ok
23:44:46.0257 3056 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:44:46.0257 3056 mrxsmb - ok
23:44:46.0663 3056 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:44:46.0678 3056 mrxsmb10 - ok
23:44:47.0068 3056 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:44:47.0068 3056 mrxsmb20 - ok
23:44:47.0427 3056 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
23:44:47.0427 3056 msahci - ok
23:44:47.0786 3056 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
23:44:47.0802 3056 msdsm - ok
23:44:48.0176 3056 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:44:48.0176 3056 Msfs - ok
23:44:48.0566 3056 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:44:48.0566 3056 mshidkmdf - ok
23:44:48.0972 3056 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
23:44:48.0972 3056 msisadrv - ok
23:44:49.0362 3056 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:44:49.0362 3056 MSKSSRV - ok
23:44:49.0798 3056 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:44:49.0798 3056 MSPCLOCK - ok
23:44:50.0157 3056 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:44:50.0157 3056 MSPQM - ok
23:44:50.0547 3056 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:44:50.0547 3056 MsRPC - ok
23:44:50.0906 3056 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
23:44:50.0906 3056 mssmbios - ok
23:44:51.0280 3056 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:44:51.0280 3056 MSTEE - ok
23:44:51.0670 3056 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:44:51.0670 3056 MTConfig - ok
23:44:52.0060 3056 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:44:52.0060 3056 Mup - ok
23:44:52.0544 3056 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:44:52.0544 3056 NativeWifiP - ok
23:44:52.0809 3056 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS
23:44:52.0809 3056 NAVENG - ok
23:44:52.0903 3056 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS
23:44:52.0934 3056 NAVEX15 - ok
23:44:53.0308 3056 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
23:44:53.0324 3056 NDIS - ok
23:44:53.0683 3056 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:44:53.0683 3056 NdisCap - ok
23:44:54.0073 3056 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:44:54.0073 3056 NdisTapi - ok
23:44:54.0463 3056 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
23:44:54.0463 3056 Ndisuio - ok
23:44:54.0868 3056 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
23:44:54.0868 3056 NdisWan - ok
23:44:55.0305 3056 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
23:44:55.0305 3056 NDProxy - ok
23:44:55.0680 3056 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:44:55.0680 3056 NetBIOS - ok
23:44:56.0070 3056 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
23:44:56.0085 3056 NetBT - ok
23:44:56.0506 3056 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:44:56.0506 3056 nfrd960 - ok
23:44:56.0881 3056 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:44:56.0896 3056 Npfs - ok
23:44:57.0271 3056 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:44:57.0286 3056 nsiproxy - ok
23:44:57.0770 3056 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
23:44:57.0832 3056 Ntfs - ok
23:44:58.0176 3056 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:44:58.0176 3056 Null - ok
23:44:58.0566 3056 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
23:44:58.0566 3056 nvraid - ok
23:44:58.0956 3056 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
23:44:58.0956 3056 nvstor - ok
23:44:59.0392 3056 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
23:44:59.0408 3056 nv_agp - ok
23:45:00.0422 3056 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
23:45:00.0516 3056 ohci1394 - ok
23:45:00.0952 3056 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:45:00.0968 3056 Parport - ok
23:45:01.0452 3056 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
23:45:01.0467 3056 partmgr - ok
23:45:01.0826 3056 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:45:01.0826 3056 Parvdm - ok
23:45:02.0341 3056 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
23:45:02.0341 3056 pci - ok
23:45:02.0715 3056 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
23:45:02.0715 3056 pciide - ok
23:45:03.0105 3056 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:45:03.0105 3056 pcmcia - ok
23:45:03.0480 3056 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:45:03.0480 3056 pcw - ok
23:45:03.0932 3056 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:45:03.0979 3056 PEAUTH - ok
23:45:04.0977 3056 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:45:04.0977 3056 PptpMiniport - ok
23:45:05.0648 3056 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:45:05.0726 3056 Processor - ok
23:45:06.0241 3056 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:45:06.0256 3056 Psched - ok
23:45:06.0771 3056 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:45:06.0896 3056 ql2300 - ok
23:45:07.0270 3056 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:45:07.0270 3056 ql40xx - ok
23:45:08.0456 3056 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:45:08.0456 3056 QWAVEdrv - ok
23:45:08.0908 3056 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:45:08.0908 3056 RasAcd - ok
23:45:10.0359 3056 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:45:10.0359 3056 RasAgileVpn - ok
23:45:10.0749 3056 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:45:10.0765 3056 Rasl2tp - ok
23:45:11.0155 3056 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:45:11.0155 3056 RasPppoe - ok
23:45:11.0545 3056 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:45:11.0545 3056 RasSstp - ok
23:45:12.0028 3056 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
23:45:12.0028 3056 rdbss - ok
23:45:12.0543 3056 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:45:12.0559 3056 rdpbus - ok
23:45:12.0918 3056 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:45:12.0918 3056 RDPCDD - ok
23:45:13.0432 3056 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
23:45:13.0432 3056 RDPDR - ok
23:45:13.0900 3056 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:45:13.0994 3056 RDPENCDD - ok
23:45:14.0712 3056 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:45:14.0727 3056 RDPREFMP - ok
23:45:16.0287 3056 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
23:45:16.0287 3056 RDPWD - ok
23:45:16.0677 3056 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
23:45:16.0677 3056 rdyboost - ok
23:45:17.0098 3056 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
23:45:17.0098 3056 RFCOMM - ok
23:45:17.0504 3056 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:45:17.0504 3056 rspndr - ok
23:45:17.0863 3056 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
23:45:17.0863 3056 s3cap - ok
23:45:18.0268 3056 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
23:45:18.0268 3056 sbp2port - ok
23:45:18.0643 3056 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
23:45:18.0643 3056 scfilter - ok
23:45:19.0064 3056 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
23:45:19.0064 3056 sdbus - ok
23:45:19.0438 3056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:45:19.0438 3056 secdrv - ok
23:45:19.0828 3056 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:45:19.0828 3056 Serenum - ok
23:45:20.0250 3056 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:45:20.0250 3056 Serial - ok
23:45:20.0640 3056 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:45:20.0640 3056 sermouse - ok
23:45:21.0014 3056 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
23:45:21.0014 3056 sffdisk - ok
23:45:21.0576 3056 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:45:21.0576 3056 sffp_mmc - ok
23:45:22.0044 3056 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:45:22.0044 3056 sffp_sd - ok
23:45:22.0387 3056 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:45:22.0449 3056 sfloppy - ok
23:45:22.0933 3056 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
23:45:22.0933 3056 sisagp - ok
23:45:27.0082 3056 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:45:27.0098 3056 SiSRaid2 - ok
23:45:29.0267 3056 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:45:29.0391 3056 SiSRaid4 - ok
23:45:29.0953 3056 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:45:29.0953 3056 Smb - ok
23:45:30.0343 3056 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:45:30.0343 3056 spldr - ok
23:45:30.0873 3056 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS
23:45:30.0889 3056 SRTSP - ok
23:45:31.0326 3056 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS
23:45:31.0326 3056 SRTSPX - ok
23:45:31.0716 3056 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
23:45:31.0731 3056 srv - ok
23:45:32.0121 3056 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
23:45:32.0121 3056 srv2 - ok
23:45:32.0527 3056 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:45:32.0543 3056 SrvHsfHDA - ok
23:45:32.0917 3056 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:45:32.0948 3056 SrvHsfV92 - ok
23:45:33.0354 3056 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:45:33.0369 3056 SrvHsfWinac - ok
23:45:33.0759 3056 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
23:45:33.0759 3056 srvnet - ok
23:45:34.0181 3056 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:45:34.0181 3056 stexstor - ok
23:45:34.0539 3056 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:45:34.0539 3056 storflt - ok
23:45:34.0898 3056 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
23:45:34.0898 3056 storvsc - ok
23:45:35.0257 3056 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
23:45:35.0257 3056 swenum - ok
23:45:35.0756 3056 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS
23:45:35.0772 3056 SymDS - ok
23:45:36.0255 3056 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS
23:45:36.0271 3056 SymEFA - ok
23:45:36.0661 3056 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
23:45:36.0661 3056 SymEvent - ok
23:45:37.0129 3056 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS
23:45:37.0129 3056 SymIRON - ok
23:45:37.0597 3056 SymNetS (d4636a051890a92d1c8c2d9e7a5c8381) C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS
23:45:37.0597 3056 SymNetS - ok
23:45:38.0049 3056 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
23:45:38.0081 3056 Tcpip - ok
23:45:38.0471 3056 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
23:45:38.0486 3056 TCPIP6 - ok
23:45:38.0892 3056 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
23:45:38.0892 3056 tcpipreg - ok
23:45:39.0266 3056 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
23:45:39.0266 3056 TDPIPE - ok
23:45:39.0609 3056 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
23:45:39.0609 3056 TDTCP - ok
23:45:39.0968 3056 tdx (02bede7c69bc6d86e8600316f35c7f57) C:\Windows\system32\DRIVERS\tdx.sys
23:45:39.0968 3056 tdx ( Rootkit.Win32.ZAccess.g ) - infected
23:45:39.0968 3056 tdx - detected Rootkit.Win32.ZAccess.g (0)
23:45:40.0358 3056 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
23:45:40.0358 3056 TermDD - ok
23:45:40.0779 3056 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:45:40.0779 3056 tssecsrv - ok
23:45:41.0045 3056 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
23:45:41.0045 3056 TuneUpUtilitiesDrv - ok
23:45:41.0388 3056 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
23:45:41.0403 3056 tunnel - ok
23:45:41.0778 3056 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:45:41.0793 3056 uagp35 - ok
23:45:42.0183 3056 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
23:45:42.0199 3056 udfs - ok
23:45:42.0651 3056 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:45:42.0745 3056 uliagpkx - ok
23:45:43.0079 3056 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
23:45:43.0079 3056 umbus - ok
23:45:43.0471 3056 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:45:43.0471 3056 UmPass - ok
23:45:43.0861 3056 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
23:45:43.0861 3056 USBAAPL - ok
23:45:44.0242 3056 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
23:45:44.0242 3056 usbccgp - ok
23:45:44.0632 3056 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
23:45:44.0632 3056 usbcir - ok
23:45:45.0007 3056 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
23:45:45.0007 3056 usbehci - ok
23:45:45.0397 3056 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
23:45:45.0412 3056 usbhub - ok
23:45:45.0787 3056 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
23:45:45.0787 3056 usbohci - ok
23:45:46.0177 3056 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:45:46.0177 3056 usbprint - ok
23:45:46.0567 3056 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:45:46.0582 3056 USBSTOR - ok
23:45:47.0035 3056 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
23:45:47.0035 3056 usbuhci - ok
23:45:47.0549 3056 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
23:45:47.0549 3056 VClone - ok
23:45:47.0893 3056 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:45:47.0893 3056 vdrvroot - ok
23:45:48.0251 3056 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:45:48.0251 3056 vga - ok
23:45:48.0641 3056 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:45:48.0641 3056 VgaSave - ok
23:45:49.0109 3056 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
23:45:49.0125 3056 vhdmp - ok
23:45:49.0484 3056 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
23:45:49.0484 3056 viaagp - ok
23:45:49.0858 3056 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:45:49.0858 3056 ViaC7 - ok
23:45:50.0233 3056 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
23:45:50.0233 3056 viaide - ok
23:45:50.0591 3056 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
23:45:50.0591 3056 vmbus - ok
23:45:50.0935 3056 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:45:50.0950 3056 VMBusHID - ok
23:45:51.0309 3056 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
23:45:51.0309 3056 volmgr - ok
23:45:51.0683 3056 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:45:51.0715 3056 volmgrx - ok
23:45:52.0120 3056 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
23:45:52.0120 3056 volsnap - ok
23:45:52.0775 3056 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:45:52.0775 3056 vsmraid - ok
23:45:53.0165 3056 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:45:53.0165 3056 vwifibus - ok
23:45:53.0571 3056 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:45:53.0571 3056 vwififlt - ok
23:45:54.0133 3056 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
23:45:54.0133 3056 vwifimp - ok
23:45:54.0507 3056 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:45:54.0523 3056 WacomPen - ok
23:45:54.0866 3056 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:54.0866 3056 WANARP - ok
23:45:54.0881 3056 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:54.0881 3056 Wanarpv6 - ok
23:45:55.0303 3056 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:45:55.0303 3056 Wd - ok
23:45:55.0661 3056 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:45:55.0661 3056 Wdf01000 - ok
23:45:56.0098 3056 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:45:56.0098 3056 WfpLwf - ok
23:45:56.0473 3056 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:45:56.0473 3056 WIMMount - ok
23:45:56.0909 3056 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
23:45:56.0909 3056 WinUsb - ok
23:45:57.0331 3056 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:45:57.0331 3056 WmiAcpi - ok
23:45:57.0752 3056 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:45:57.0752 3056 ws2ifsl - ok
23:45:58.0126 3056 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
23:45:58.0126 3056 WudfPf - ok
23:45:58.0501 3056 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:45:58.0501 3056 WUDFRd - ok
23:45:58.0594 3056 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:45:58.0657 3056 \Device\Harddisk0\DR0 - ok
23:45:58.0672 3056 Boot (0x1200) (d9309ba9da18506827077a43b40cdaeb) \Device\Harddisk0\DR0\Partition0
23:45:58.0672 3056 \Device\Harddisk0\DR0\Partition0 - ok
23:45:58.0688 3056 Boot (0x1200) (e607270cd54bb73414cb04ed59578b2e) \Device\Harddisk0\DR0\Partition1
23:45:58.0688 3056 \Device\Harddisk0\DR0\Partition1 - ok
23:45:58.0735 3056 Boot (0x1200) (2ca966281e8767d6ba71212b76470b5f) \Device\Harddisk0\DR0\Partition2
23:45:58.0735 3056 \Device\Harddisk0\DR0\Partition2 - ok
23:45:58.0766 3056 Boot (0x1200) (318536f777627ce692442de47272d540) \Device\Harddisk0\DR0\Partition3
23:45:58.0766 3056 \Device\Harddisk0\DR0\Partition3 - ok
23:45:58.0766 3056 ============================================================
23:45:58.0766 3056 Scan finished
23:45:58.0766 3056 ============================================================
23:45:58.0781 3468 Detected object count: 1
23:45:58.0781 3468 Actual detected object count: 1
00:08:10.0726 3468 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
00:08:13.0206 3468 Backup copy found, using it..
00:08:13.0502 3468 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
00:08:34.0968 3468 C:\Windows\System32\c_70780.nls - will be deleted on reboot
00:08:45.0514 3468 tdx ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
00:09:41.0377 2720 Deinitialize success [/SPOILER]

DanyRibi · 29.12.2011, 00:27

muss ich jetzt noch etwas machen oder war's das jetzt?

Chris4You · 29.12.2011, 07:20

Hi,

lass bitte noch mal MBRCheck laufen...
Wenn der Rechner keine Symphtome mehr hat, wären wir durch...

Zur Sicherheit abschließend noch Dr.Web...
Folge der Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris

DanyRibi · 29.12.2011, 11:51

so hier nochmal den MBR Check von heute:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5230
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 161):
0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x80BA1000 \SystemRoot\system32\kdcom.dll
0x8323B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832B3000 \SystemRoot\system32\PSHED.dll
0x832C4000 \SystemRoot\system32\BOOTVID.dll
0x832CC000 \SystemRoot\system32\CLFS.SYS
0x8330E000 \SystemRoot\system32\CI.dll
0x87039000 \SystemRoot\system32\drivers\Wdf01000.sys
0x870AA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x870B8000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x87100000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x87109000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x87111000 \SystemRoot\system32\DRIVERS\pci.sys
0x8713B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x87146000 \SystemRoot\System32\drivers\partmgr.sys
0x87157000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8715F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8716A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8717A000 \SystemRoot\System32\drivers\volmgrx.sys
0x871C5000 \SystemRoot\system32\DRIVERS\pciide.sys
0x871CC000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x87000000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x871DA000 \SystemRoot\System32\drivers\mountmgr.sys
0x871F0000 \SystemRoot\system32\DRIVERS\atapi.sys
0x833B9000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8702E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83200000 \SystemRoot\system32\drivers\fltmgr.sys
0x87220000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMDS.SYS
0x87277000 \SystemRoot\system32\drivers\fileinfo.sys
0x87288000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMEFA.SYS
0x87405000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87534000 \SystemRoot\System32\Drivers\msrpc.sys
0x8755F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87572000 \SystemRoot\System32\Drivers\cng.sys
0x875CF000 \SystemRoot\System32\drivers\pcw.sys
0x875DD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8732C000 \SystemRoot\system32\drivers\ndis.sys
0x87636000 \SystemRoot\system32\drivers\NETIO.SYS
0x87674000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x87699000 \SystemRoot\System32\drivers\tcpip.sys
0x87600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x877E2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x87808000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x87847000 \SystemRoot\System32\Drivers\spldr.sys
0x8784F000 \SystemRoot\System32\drivers\rdyboost.sys
0x8787C000 \SystemRoot\System32\Drivers\mup.sys
0x8788C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x87894000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x878C6000 \SystemRoot\system32\DRIVERS\disk.sys
0x878D7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8792E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8794D000 \SystemRoot\System32\Drivers\Null.SYS
0x87954000 \SystemRoot\System32\drivers\vga.sys
0x87960000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x87981000 \SystemRoot\System32\drivers\watchdog.sys
0x8798E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x87996000 \SystemRoot\system32\drivers\rdpencdd.sys

Hier hört er auch auf.

DanyRibi · 29.12.2011, 12:17

2 Fragen zu Dr. Web - Cure it:
1. Bei dem Automatischen Schnellscan wurden infizierte Objekte gefunden.
Soll ich die verschieben oder nicht?
2. Nach dem autmoatischen Schnellscan.
Soll ich dann noch einen Fullscan machen?

Chris4You · 29.12.2011, 13:21

Hi,
2xja und
die Logs jeweils posten!

chris

DanyRibi · 29.12.2011, 14:59

Hei.!

Hier ist schonmal die .log-Datei vom Schnellscan von Dr.Web
Den Fullscan soll ich dann auch posten oder?
Gruß DanyRibi

7021239128773976934653[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HDWKI0M;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HDWKI0M;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
xcid,jsIXo-azmhb9CDQBYk-ZaA==[1]\JSFile_1[0][20f];C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4\xcid,jsI;Wahrscheinlich SCRIPT.Virus;;
xcid,jsIXo-azmhb9CDQBYk-ZaA==[1];C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Container enthält infizierte Objekte;Verschoben.;
xcid,jsIXo-azmhb9CDQBYk-ZaA==[1];C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OZ6VOD5;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OZ6VOD5;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OZ6VOD5;Wahrscheinlich SCRIPT.Virus;;
ajs[2].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
ajs[3].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96OA6HUH;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96OA6HUH;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQUVL7Y7;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQUVL7Y7;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[7].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[9].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTGWDJP5;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTGWDJP5;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vasCA08CV6F.js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vasCAXU72FV.js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[11].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[7].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPLE2Y0Q;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPLE2Y0Q;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
vas[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[9].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
ipodservice.exe;c:\program files\ipod\bin;Trojan.Starter.1695;Desinfiziert.;
mbamservice.exe;c:\program files\malwarebytes' anti-malware;Trojan.Starter.1695;Desinfiziert.;
ccsvchst.exe;c:\program files\norton 360\engine\5.0.0.125;Trojan.Starter.1695;Desinfiziert.;
regsrv64.exe;c:\users\administrator\appdata\roaming;Trojan.VbCrypt.80;Gelöscht.;

Chris4You · 29.12.2011, 16:42

Hi,

irgendwie kommen die Viecher schneller nach als das wir sie wieder los werden...
Poste auch das Log vom Fullscan und nochmal ein OTL-Log...

Danach Update für MAM und auch noch mal ein Fullscan...

chris

"Mediashifting.com" Virus

Plagegeister aller Art und deren Bekämpfung: "Mediashifting.com" Virus