| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Mediashifting.com" VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
04.01.2012, 12:57
| #1 |
 |  "Mediashifting.com" Virus Hallo! Hier der Bericht vom GMER GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-04 13:16:29
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: 78mci2i0.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldypog.sys
---- System - GMER 1.0.15 ----
SSDT 858B6C10 ZwAlertResumeThread
SSDT 858B6CF0 ZwAlertThread
SSDT 858ED9F0 ZwAllocateVirtualMemory
SSDT 8587B048 ZwAlpcConnectPort
SSDT 858B63B8 ZwAssignProcessToJobObject
SSDT 858B6960 ZwCreateMutant
SSDT 858B60D8 ZwCreateSymbolicLinkObject
SSDT 859F2B20 ZwCreateThread
SSDT 858B61C8 ZwCreateThreadEx
SSDT 858B6498 ZwDebugActiveProcess
SSDT 858EDBA0 ZwDuplicateObject
SSDT 858ED810 ZwFreeVirtualMemory
SSDT 858B6A50 ZwImpersonateAnonymousToken
SSDT 858B6B30 ZwImpersonateThread
SSDT 855E0ED0 ZwLoadDriver
SSDT 858ED710 ZwMapViewOfSection
SSDT 858B6880 ZwOpenEvent
SSDT 859F2A08 ZwOpenProcess
SSDT 858EDAE0 ZwOpenProcessToken
SSDT 858B66C0 ZwOpenSection
SSDT 859F2938 ZwOpenThread
SSDT 858B62C8 ZwProtectVirtualMemory
SSDT 858B6DD0 ZwResumeThread
SSDT 858ED460 ZwSetContextThread
SSDT 858ED540 ZwSetInformationProcess
SSDT 858B6578 ZwSetSystemInformation
SSDT 858B67A0 ZwSuspendProcess
SSDT 858B6EB0 ZwSuspendThread
SSDT 859F2C00 ZwTerminateProcess
SSDT 858B6F90 ZwTerminateThread
SSDT 858ED630 ZwUnmapViewOfSection
SSDT 858ED900 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C84579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82CB0724 8 Bytes [10, 6C, 8B, 85, F0, 6C, 8B, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CB073C 4 Bytes [F0, D9, 8E, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82CB0748 4 Bytes [48, B0, 87, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CB079C 4 Bytes [B8, 63, 8B, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82CB0818 4 Bytes [60, 69, 8B, 85]
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21488e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21488e@402ba1eeee7a 0xEB 0xE6 0x4E 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21488e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21488e@402ba1eeee7a 0xEB 0xE6 0x4E 0x73 ...
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB1455$\1889241803 0 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\@ 2048 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\L 0 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\L\xadqgnnk 74240 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\loader.tlb 2632 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U 0 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@00000001 45968 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000c0 3072 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cb 3072 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@80000000 26112 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000c0 32768 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cb 24064 bytes
File C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cf 31744 bytes
File C:\Windows\$NtUninstallKB1455$\1904035700 0 bytes
---- EOF - GMER 1.0.15 ----
|
|
05.01.2012, 10:45
| #2 |
  | "Mediashifting.com" Virus Hi,
__________________Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop. http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
Code:
ATTFilter
:dir
C:\Windows\$NtUninstallKB1455$ /s
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
winlogon.exe
userinit.exe
WS2_32.dll
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
chris
__________________ |
|
05.01.2012, 14:22
| #3 |
| | "Mediashifting.com" Virus Hallo!
__________________Hier die Ergebnisse vom SystemLook DanyRibi |
|
05.01.2012, 15:02
| #4 |
| | "Mediashifting.com" Virus OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2012 14:47:11 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 952,87 Mb Total Physical Memory | 395,27 Mb Available Physical Memory | 41,48% Memory free 1,93 Gb Paging File | 1,15 Gb Available in Paging File | 59,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 53,62 Gb Total Space | 27,76 Gb Free Space | 51,78% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 17,22 Gb Free Space | 35,27% Space Free | Partition Type: NTFS Drive E: | 46,50 Gb Total Space | 41,23 Gb Free Space | 88,67% Space Free | Partition Type: NTFS Drive F: | 332,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 5,69 Gb Total Space | 5,28 Gb Free Space | 92,83% Space Free | Partition Type: FAT32 Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll () MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll () MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll () MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll () MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll () MOD - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\APPLIC~1\160912~1.63\gcswf32.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation) SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation) DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation) DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\ CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ O1 HOSTS File: ([2011.12.29 15:06:58 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.12.21 23:03:36 | 000,000,033 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2011.12.29 11:07:02 | 000,012,320 | ---- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{67f9b365-19b2-11e1-8f52-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{67f9b365-19b2-11e1-8f52-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe -- [2011.03.11 00:20:00 | 000,853,992 | R--- | M] (Seiko Epson Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: AppInfo - File not found SafeBootMin: 33610407.sys - Driver SafeBootMin: AppInfo - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: 33610407.sys - Driver SafeBootNet: AppInfo - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\setup50.exe" /APP:OE /CALLER:IE50 /user /install ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\setup50.exe" /APP:WAB /CALLER:IE50 /user /install ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.01.05 14:46:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012.01.05 13:08:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8969EC72-091A-4305-878D-200786654B7A} [2012.01.05 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8E11CB6-50E8-4EFB-8062-E4622F06700E} [2012.01.05 01:00:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9DAD6BF2-7548-45FA-8638-51BA8257BB7D} [2012.01.05 01:00:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{50919A37-85BB-4D37-AB9E-1A1148D9CDAD} [2012.01.04 11:56:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1A31310D-7225-46FD-A8F0-3257735B9D9A} [2012.01.04 11:55:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0E7CF5DC-A07C-473C-86B0-6BEC76A5D7CA} [2012.01.03 12:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Epson [2012.01.03 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ABBYY [2012.01.03 12:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint [2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0 Sprint [2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY [2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY [2012.01.03 12:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2012.01.03 12:17:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield [2012.01.03 12:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2012.01.03 12:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software [2012.01.03 12:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON [2012.01.03 12:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.01.03 12:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.01.03 12:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\epson [2012.01.03 11:57:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F04A8962-0CB2-42D8-8FFB-54F5191DBEBE} [2012.01.03 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{207302E0-CA97-48B6-AF27-FA069C0264DC} [2012.01.02 18:19:47 | 000,000,000 | ---D | C] -- C:\TDSS [2012.01.02 15:44:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Amazon [2012.01.02 15:40:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.01.02 14:57:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A6E7FA4F-B9BC-4F4F-AA06-B9E1A250E4CC} [2012.01.02 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BF98FF71-B7E6-4B56-8810-6894E17F532E} [2012.01.01 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{639320BD-DFF2-44A7-88E5-61B923D2D3BC} [2012.01.01 13:15:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E3E17551-5555-4C18-A009-0172A3E71FC5} [2012.01.01 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F5DEE3EE-3A77-4069-8872-A0516733D4C8} [2012.01.01 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{171A2393-E16D-42EC-A59A-67D8E2791DDF} [2011.12.31 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.31 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7543530A-3BF2-4D40-B2F2-D5CFEF87FC47} [2011.12.31 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E670B477-4E8D-4708-860C-BB15747133BB} [2011.12.29 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb [2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon [2011.12.29 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D6DF5517-0866-46C0-B035-0E23E581F263} [2011.12.29 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FFDEF2E-28F7-4570-9A3F-D901AE7592ED} [2011.12.28 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.28 22:15:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20} [2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25} [2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB} [2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9} [2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F} [2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17} [2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185} [2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific [2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec [2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys [2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys [2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys [2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys [2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys [2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys [2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360 [2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D [2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 [2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings [2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80} [2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970} [2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717} [2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8} [2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767} [2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744} [2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP [2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E} [2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827} [2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A} [2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF} [2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86) [2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs [2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6 [2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro [2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro [2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO [2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer [2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host [2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games [2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536} [2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore [2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line [2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins [2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim [2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line [2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7} [2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4} [2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8} [2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6} [2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2} [2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF} [2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook [2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC} [2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1} [2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99} [2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3} [2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ [2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ [2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft [2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr [2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82} [2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84} [2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB} [2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3} [2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72} [2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78} [2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst [2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F} [2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6} [2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965} [2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA} [2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX [2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara [2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services [2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX [2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads [2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX [2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023} [2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6} [2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61} [2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5} [2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310} [2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete [2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete [2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin [2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10 [2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10 [2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE} [2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483} [2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.01.05 14:19:46 | 000,268,592 | ---- | M] () -- C:\Users\Administrator\Desktop\SystemLook.zip [2012.01.05 13:28:30 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.05 13:28:30 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.05 13:28:30 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.05 13:28:30 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.05 13:23:39 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 13:23:39 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 13:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.05 13:16:00 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys [2012.01.05 02:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI [2012.01.03 12:17:57 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss [2012.01.03 12:16:19 | 000,894,558 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB [2012.01.02 18:21:33 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job [2012.01.02 15:41:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.12.29 16:00:43 | 189,948,433 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.29 15:06:58 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.12.28 19:43:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job [2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd [2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk [2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk [2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp [2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk [2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk [2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk [2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js ========== Files Created - No Company Name ========== [2012.01.05 14:19:45 | 000,268,592 | ---- | C] () -- C:\Users\Administrator\Desktop\SystemLook.zip [2012.01.05 02:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2012.01.03 12:17:44 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss [2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.25 23:47:36 | 000,894,558 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB [2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf [2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf [2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf [2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf [2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf [2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf [2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat [2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat [2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat [2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat [2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat [2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat [2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini [2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd [2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk [2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk [2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp [2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk [2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk [2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk [2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job [2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk [2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js [2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job [2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll [2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll [2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe [2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat [2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat [2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe [2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat [2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll ========== LOP Check ========== [2012.01.02 15:44:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon [2012.01.03 12:47:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson [2011.11.28 12:33:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit [2011.12.18 21:11:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hardcore [2011.11.28 12:34:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView [2011.12.19 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host [2011.12.10 14:09:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX [2011.12.19 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sawer [2011.12.25 23:47:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tific [2011.11.28 18:11:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software [2011.11.28 16:59:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems [2011.12.07 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VshareComplete [2009.07.14 05:53:46 | 000,001,888 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.02 18:21:33 | 000,000,248 | ---- | M] () -- C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2_32.DLL > [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll < c:\windows\system32\drivers\*.sys /lockedfiles > < c:\windows\system32\*.dll /lockedfiles > < %systemroot%\*. /mp /s > < %PROGRAMFILES%\*. > [2012.01.03 12:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 9.0 Sprint [2011.12.09 20:15:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2011.11.28 17:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player [2011.12.29 11:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon [2011.11.28 19:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2011.12.04 21:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour [2011.11.28 15:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\ClearProg [2012.01.03 12:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2011.11.28 15:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Corel [2011.12.19 12:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Counter-Strike 1.6 [2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker [2011.12.14 22:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft [2012.01.03 12:17:09 | 000,000,000 | ---D | M] -- C:\Program Files\epson [2012.01.03 12:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software [2011.12.31 18:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\ESET [2011.11.28 19:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\Firebird [2011.11.28 13:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software [2011.11.28 12:22:11 | 000,000,000 | -HSD | M] -- C:\Program Files\Gemeinsame Dateien [2011.12.18 20:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line [2012.01.03 12:18:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2011.12.18 02:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2011.12.28 18:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPod [2011.11.28 12:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView [2011.12.28 18:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes [2011.12.05 21:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2011.12.10 14:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\MAGIX [2011.12.28 23:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.13 16:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 10 [2009.07.14 09:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games [2011.11.28 13:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2011.11.29 14:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2011.11.28 13:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio [2011.11.28 13:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2011.11.28 13:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2011.11.28 19:20:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mp3tag [2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2011.11.28 13:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Nero [2010.03.31 18:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\NFOPad [2011.12.25 23:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360 [2011.12.25 23:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller [2010.03.31 18:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\olsystems CPL Pack [2011.11.28 17:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express [2011.12.18 20:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim [2011.11.28 19:19:58 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltrePortable [2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2011.11.28 19:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\simfy VZ edition [2011.12.18 16:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Songr [2011.12.19 21:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson [2011.11.28 19:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\SpacialAudio [2011.12.25 23:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec [2011.11.28 19:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client [2011.11.28 19:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer [2011.12.04 21:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2010 [2011.11.28 17:15:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2011.12.19 22:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ [2011.12.07 21:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\vShare.tv plugin [2011.12.07 21:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\VshareComplete [2011.12.18 20:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins [2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2011.11.28 20:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live [2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2011.11.28 12:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer [2009.07.14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices [2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar [2011.12.22 18:03:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP [2011.11.28 15:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\xp-AntiSpy [2011.12.19 11:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\XYLIO [2011.11.28 12:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\Z-Zip < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB1455$] -> Error: Cannot create file handle -> Unknown point type < End of report > es ist kein Extra.txt gekommen..! |
|
06.01.2012, 10:34
| #5 |
| | "Mediashifting.com" Virus hi, über ein Microsoft FixPack KB1455 ist mir nichts bekannt, da ist was faul... auch GMER zeigt Verlinkungen dahin... Bevor ich das per Hand entsorge, schauen wir mal was ComboFix dazu sagt: Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet! Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß! Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
07.01.2012, 21:03
| #6 |
| | "Mediashifting.com" Virus Combofix hat nicht funktioniert. Ich habe mein Virenprogramm gelöscht und es nochmals drauf gespielt und jetzt ist alles ok. DANKE DAFÜR!  jetzt aber noch eine weitere Frage. Seit heute hab ich das Problem, dass kein Desktophintergrund angezeigt wird, genauso wenig wie die Miniaturansichten von Programmen und Bildern.. Das sieht dann so aus (siehe Bilder) Kannst du mir da weiter helfen? |
|
09.01.2012, 09:59
| #7 |
| | "Mediashifting.com" Virus Hi, lief dann Combofix durch? Poste ds Log... Unhide Lade Dir unhide von folgender Adresse runter und dann per Doppelklick als Admin ausführen: http://filepony.de/download-unhide/ Es werden alle versteckten Dateien sichtbar gemacht, ggf. welche die versteckt sein sollten wieder unsichtbar machen (Auswählen im Explorer->Eingenschaften->versteckt) Win7:
chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu "Mediashifting.com" Virus |
| 95p.com, beheben, drücke, google, große, link, mediashifting.com, online virus, problem, schritt, seite, seiten, suche, verschiedene, virus, virus oder maleware beseitigen |
Hybrid-Darstellung
