"Mediashifting.com" Virus

DanyRibi · 28.12.2011, 18:53

Hallo!

Ich habe ein Problem mit meinem Laptop.
Immer wenn ich in Google etwas suche und dann auf den Link drücke, werde ich durch "www.mediashifting.com" auf verschiedene Seiten weitergeleitet.
Seit neustem kommt jetzt auch der Link "www.95p.com"

Wie kann ich den Virus beheben?
Da ich eine große Laie bin bitte ich euch mir alles Schritt für Schritt zu schildern was ich machen soll.
Danke im Vorraus

Chris4You · 28.12.2011, 18:55

Hi,

OTL
OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

chris

DanyRibi · 28.12.2011, 19:54

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.12.2011 20:03:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 43,18% Memory free
1,93 Gb Paging File | 1,36 Gb Available in Paging File | 70,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,68 Gb Free Space | 53,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,31 Gb Free Space | 35,44% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Programme\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (tdx) -- C:\Windows\System32\drivers\tdx.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.11.28 13:36:02 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 18:27:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 22:39:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:05 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2011.12.19 11:16:05 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:35:10 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 03:03:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
[2011.12.06 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2B1F679-50D7-445C-9578-3B5E7AD63807}
[2011.12.06 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F495AC1-C1D4-4EEB-9787-D81E264494E7}
[2011.12.05 21:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.05 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.05 21:44:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.05 21:44:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.05 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A2F23C0-AFEF-4AEB-8881-0E7DC16E6140}
[2011.12.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E089A1A0-B25F-49A8-A8F8-C16F9C06DCEA}
[2011.12.04 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{15ED8E3F-517F-48FB-95F0-6D960EC85015}
[2011.12.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BB7597B2-858A-44DD-A98A-965C3D38C0C2}
[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}
[2011.12.03 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5389BE28-FACF-4142-B2AC-A1EE2D65BE42}
[2011.12.02 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C637353A-B56B-4A7F-BFDD-B8EFE4D5BDCC}
[2011.12.02 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{25A4F810-84C3-4DCD-9B21-EFDC53E26ADD}
[2011.12.02 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C93DE1B5-D585-4E35-A141-C222DEC630BE}
[2011.12.02 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F7D8078A-BCD1-4211-80CD-567BB113EAB9}
[2011.12.01 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{070B127A-96EF-4F2B-9A81-92BDDD4CC584}
[2011.12.01 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{52C31749-4BE9-43A1-8C6C-D339359FDCBE}
[2011.12.01 07:41:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{499F222A-AA6A-44A2-8EAE-B4DD012EC01B}
[2011.12.01 07:41:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A993F94E-AF14-46CD-8ACD-E77747B8337C}
[2011.12.01 07:40:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8CDFA72-8B35-475F-9B3A-722ABF4B3345}
[2011.11.30 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58770A29-F6FA-4901-9B3E-9E44FFA32B0A}
[2011.11.30 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1E312B3-2EF2-473B-99CE-828567F633E1}
[2011.11.30 07:19:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{839BA023-EB82-49A9-9FD5-F5F4673225C2}
[2011.11.29 14:51:59 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.29 14:17:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{65BD232A-781A-4D3D-92D7-6DF832361BEF}
[2011.11.29 14:16:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7FDC2215-D876-4950-86D1-7CFB14DFF7D1}
[2011.11.28 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B6A9BBE-26FE-4349-B724-217F576EDCF5}
[2011.11.28 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{98D9582E-13A6-4AD5-8652-20588D06FC7E}
[2011.11.28 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Tracing
[2011.11.28 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2011.11.28 20:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2011.11.28 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011.11.28 20:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.11.28 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2011.11.28 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.28 19:10:35 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 19:10:35 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 19:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 19:03:12 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.28 15:37:14 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.28 15:37:14 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 15:37:14 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.28 15:37:14 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.25 23:47:51 | 000,890,854 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 18:45:05 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.18 03:03:48 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:48 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 22:45:59 | 175,148,793 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
[2011.12.04 21:48:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.11.30 21:16:22 | 000,065,040 | ---- | M] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.29 17:30:25 | 000,000,355 | ---- | M] () -- C:\Users\Administrator\Desktop\Computer.lnk
[2011.11.29 16:45:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.11.29 14:51:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.28 20:52:34 | 000,001,964 | ---- | M] () -- C:\Users\Administrator\Desktop\SAM Broadcaster.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,890,854 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.04 21:50:59 | 000,002,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.12.04 21:12:04 | 175,148,793 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.30 21:13:13 | 000,065,040 | ---- | C] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.29 17:30:25 | 000,000,355 | ---- | C] () -- C:\Users\Administrator\Desktop\Computer.lnk
[2011.11.29 16:45:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.11.28 20:52:34 | 000,001,964 | ---- | C] () -- C:\Users\Administrator\Desktop\SAM Broadcaster.lnk
[2011.11.28 20:51:49 | 000,001,408 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.11.28 20:50:24 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:12:11 | 000,074,240 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation

< End of report >

--- --- ---

Hier der OTL.txt

DanyRibi · 28.12.2011, 19:56

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.12.2011 20:03:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 43,18% Memory free
1,93 Gb Paging File | 1,36 Gb Available in Paging File | 70,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,68 Gb Free Space | 53,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,31 Gb Free Space | 35,44% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 557251
 
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 557251
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 565846
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 565846
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 573288
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 573288
 
Error - 28.12.2011 14:03:47 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description = 
 
[ System Events ]
Error - 28.12.2011 13:10:52 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 28.12.2011 13:29:49 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.12.2011 14:03:37 | Computer Name = FiFu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?12.?2011 um 18:51:27 unerwartet heruntergefahren.
 
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 iPod-Dienst erreicht.
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 MBAMService erreicht.
 
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
 
< End of report >

--- --- ---

Hier der Extras.txt

Chris4You · 28.12.2011, 20:13

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\System32\drivers\tdx.sys 
C:\Windows\unins000.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

[list]Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = dword:0x00
"InternetSettingsDisableNotify" = dword:0x00
"AutoUpdateDisableNotify" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

MBCHeck und MAM-Log noch...

chris

DanyRibi · 28.12.2011, 20:58

Zitat:

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
hxxp://mbam.malwarebytes.org/program...-installer.php
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

MBR-Check
Lade Dir hxxp://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

chris

soll ich diese Punkte trotzdem noch durchführen?

DanyRibi · 28.12.2011, 21:00

[SPOILER]Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.59 2011.12.28 -
Antiy-AVL 2.0.3.7 2011.12.28 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.28 -
BitDefender 7.2 2011.12.28 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.28 -
ClamAV 0.97.3.0 2011.12.28 -
Commtouch 5.3.2.6 2011.12.28 -
Comodo 11122 2011.12.28 -
DrWeb 5.0.2.03300 2011.12.28 -
Emsisoft 5.1.0.11 2011.12.28 -
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9650 2011.12.28 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.28 -
Fortinet 4.3.388.0 2011.12.28 -
GData 22.323/22.610 2011.12.28 -
Ikarus T3.1.1.109.0 2011.12.28 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.28 -
McAfee 5.400.0.1158 2011.12.28 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.28 -
NOD32 6750 2011.12.28 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-28.01 2011.12.28 -
Panda 10.0.3.5 2011.12.28 -
PCTools 8.0.0.5 2011.12.28 -
Prevx 3.0 2011.12.28 -
Rising 23.90.02.02 2011.12.28 -
Sophos 4.72.0 2011.12.28 -
SUPERAntiSpyware 4.40.0.1006 2011.12.27 -
Symantec 20111.2.0.82 2011.12.28 -
TheHacker 6.7.0.1.366 2011.12.27 -
TrendMicro 9.500.0.1008 2011.12.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.28 -
VBA32 3.12.16.4 2011.12.28 -
VIPRE 11317 2011.12.28 -
ViRobot 2011.12.28.4851 2011.12.28 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional informationShow all
MD5 : cb39e896a2a83702d1737bfd402b3542
SHA1 : 8b529b5c51c7bd0e7c5a4ff6b0e7a64abde649ce
SHA256: fa77d98ea3606ca2fcef0e0949fde2c32a080b47cafde46ce903ca3cbfc5df35
ssdeep: 1536:9klJmrevoqvFyQ9/ffrQWxo953f4kTPeV1i5/sqOJFdl5w8xJXO3O:OlN3sc5AQkie5/sp
JFdlq8x0e
File size : 74240 bytes
First seen: 2009-07-19 02:12:11
Last seen : 2011-12-28 19:51:34
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TDI Translation Driver
original name: tdx.sys
internal name: tdx.sys
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1303E
timedatestamp....: 0x4A5BBF4A (Mon Jul 13 23:12:10 2009)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xE8B3, 0xEA00, 6.41, 12b2ae36fea8454f6e82aff577dd708c
.rdata, 0x10000, 0x6EC, 0x800, 4.21, b80f2bcd1969979c6f9b482d727a021f
.data, 0x11000, 0x3A0, 0x200, 2.77, bc7cad3945605ccc34a21697e84021b3
PAGE, 0x12000, 0x4DC, 0x600, 5.27, ec945ab7bb158456785f47acb1c85d34
INIT, 0x13000, 0xCBC, 0xE00, 5.29, 9e8be2845d580dde6a1e865be349fcab
.rsrc, 0x14000, 0x3E8, 0x400, 3.36, f779ea3904cd7bbd404544e89e7218a8
.reloc, 0x15000, 0x100C, 0x1200, 6.18, d8ef5378864e86186167874ce25a9c07

[[ 5 import(s) ]]
ntoskrnl.exe: KeSetTimer, IoFreeWorkItem, IoQueueWorkItem, ZwQueryValueKey, ZwOpenKey, _vsnwprintf, KeFlushQueuedDpcs, KeCancelTimer, KeDelayExecutionThread, KeInitializeDpc, KeInitializeTimer, IoAllocateWorkItem, KeInitializeMutex, KeSetEvent, IoGetIrpExtraCreateParameter, MmUnlockPages, IoFreeMdl, KeReleaseSemaphore, KeReleaseMutex, IoAllocateMdl, ExAllocatePoolWithTagPriority, IoWMIWriteEvent, MmGetSystemRoutineAddress, IoWMIRegistrationControl, IoGetCurrentProcess, KeQueryMaximumProcessorCountEx, KeQuerySystemTime, RtlCopyUnicodeString, KeTickCount, KeBugCheckEx, RtlUnwind, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, ObfDereferenceObject, RtlInitUnicodeString, ExCreateCallback, RtlCompareMemory, IoCreateDevice, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoDeleteDevice, KeInitializeSemaphore, IoFileObjectType, ObReferenceObjectByHandle, MmMapLockedPagesSpecifyCache, KeGetCurrentProcessorNumberEx, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, memcpy, ExAllocatePoolWithTag, ObDereferenceSecurityDescriptor, SeLockSubjectContext, IoGetFileObjectGenericMapping, SeAssignSecurity, SeUnlockSubjectContext, ObLogSecurityDescriptor, ExFreePoolWithTag, IoGetTopLevelIrp, memset, KeInitializeEvent, ExNotifyCallback, PsGetCurrentProcess, KeWaitForSingleObject, IofCompleteRequest, RtlUnicodeStringToInteger, RtlGetCallersAddress, KeReleaseInStackQueuedSpinLockFromDpcLevel, KeAcquireInStackQueuedSpinLockAtDpcLevel, IoInitializeWorkItem, IoSizeofWorkItem, IoUninitializeWorkItem, IoQueueWorkItemEx, MmProbeAndLockPages, KeGetCurrentThread
HAL.dll: KeAcquireInStackQueuedSpinLock, KeGetCurrentIrql, KfLowerIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeReleaseInStackQueuedSpinLock
NETIO.SYS: NmrRegisterProvider, RtlCopyMdlToMdl, RtlCopyBufferToMdl, NsiGetParameter, NsiFreeTable, NsiAllocateAndGetTable, NmrClientDetachProviderComplete, NmrClientAttachProvider, NsiDeregisterChangeNotification, NsiSetAllParameters, NmrProviderDetachClientComplete, NmrDeregisterProvider, NmrWaitForProviderDeregisterComplete, RtlCopyMdlToBuffer, NmrRegisterClient, NsiRegisterChangeNotification, NsiGetAllParameters, NmrDeregisterClient, NmrWaitForClientDeregisterComplete
TDI.SYS: TdiDeregisterProvider, TdiProviderReady, TdiRegisterProvider, TdiDeregisterDeviceObject, TdiDeregisterNetAddress, TdiRegisterDeviceObject, TdiRegisterNetAddress, TdiPnPPowerRequest, TdiMapUserRequest
NDIS.SYS: NdisIfGetInterfaceIndexFromNetLuid

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 65024
CompanyName: Microsoft Corporation
EntryPoint: 0x1303e
FileDescription: TDI Translation Driver
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 72 kB
FileSubtype: 6
FileType: Win32 EXE
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 8704
InternalName: tdx.sys
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Driver
OriginalFilename: tdx.sys
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Native
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 01:12:10+02:00
UninitializedDataSize: 0 [/SPOILER]

Das ist hier ist von VirusTotal das erste

Chris4You · 28.12.2011, 21:02

Hi,

ja, auf jeden Fall...
Poste noch das Log der zweiten Datei...

chris

DanyRibi · 28.12.2011, 21:05

[SPOILER] Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.59 2011.12.28 -
Antiy-AVL 2.0.3.7 2011.12.28 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.28 -
BitDefender 7.2 2011.12.28 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.28 -
ClamAV 0.97.3.0 2011.12.28 -
Commtouch 5.3.2.6 2011.12.28 -
Comodo 11122 2011.12.28 -
DrWeb 5.0.2.03300 2011.12.28 -
Emsisoft 5.1.0.11 2011.12.28 -
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9650 2011.12.28 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.28 -
Fortinet 4.3.388.0 2011.12.28 -
GData 22 2011.12.28 -
Ikarus T3.1.1.109.0 2011.12.28 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.28 -
McAfee 5.400.0.1158 2011.12.28 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.28 -
NOD32 6750 2011.12.28 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-28.01 2011.12.28 -
Panda 10.0.3.5 2011.12.28 -
PCTools 8.0.0.5 2011.12.28 -
Prevx 3.0 2011.12.28 -
Rising 23.90.02.02 2011.12.28 -
Sophos 4.72.0 2011.12.28 -
SUPERAntiSpyware 4.40.0.1006 2011.12.27 -
Symantec 20111.2.0.82 2011.12.28 -
TheHacker 6.7.0.1.366 2011.12.27 -
TrendMicro 9.500.0.1008 2011.12.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.28 -
VBA32 3.12.16.4 2011.12.28 -
VIPRE 11317 2011.12.28 -
ViRobot 2011.12.28.4851 2011.12.28 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional informationShow all
MD5 : 42669885e097c23ab7e7ac6fb00abc42
SHA1 : e70089fbbc32bf0a6b8ad7d70e84ade0427e245d
SHA256: fabe121dd06046f9329b37e9fbe1324dfc6de48f8c24a00591d4f4e97851ed89
ssdeep: 12288:i0QfKb7nH5lrPo37AzHTA63I0ihE4qE7prN9cgKARpkZXYnXExy8gs9g:SfKbT5lrPo37
AzHTA63/cfqAcgKckZIh
File size : 709724 bytes
First seen: 2010-02-13 08:55:13
Last seen : 2011-12-28 19:56:03
TrID:
Windows OCX File (86.8%)
Win32 Executable Delphi generic (10.3%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: Setup/Uninstall
original name: n/a
internal name: n/a
file version.: 51.50.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x933C0
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x925F8, 0x92600, 6.58, 950e9bffdff8b1afc7f81fed8584f3b1
DATA, 0x94000, 0x103C, 0x1200, 4.11, cddbf029146d500daccb5db3f93f79b3
BSS, 0x96000, 0x1488, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x98000, 0x25A4, 0x2600, 5.03, 466bb5755f9b35bcf5c5ea65669d018f
.tls, 0x9B000, 0x8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x9C000, 0x18, 0x200, 0.20, c69afab126bf434e49f23fb46e4baac7
.reloc, 0x9D000, 0x8730, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0xA6000, 0x13E00, 0x13E00, 4.93, c5b5704710f4d4cb1f72326efbb96735

[[ 17 import(s) ]]
kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll: MessageBoxA
oleaut32.dll: SafeArrayPutElement, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
kernel32.dll: lstrcmpA, WriteProfileStringA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, TransactNamedPipe, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExA, LoadLibraryA, IsDBCSLeadByte, IsBadWritePtr, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTickCount, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetOverlappedResult, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetComputerNameA, GetCommandLineA, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DeviceIoControl, DeleteFileA, CreateThread, CreateProcessA, CreateNamedPipeA, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CompareFileTime, CloseHandle
mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll: UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceA, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetClipBox, GetBitmapBits, ExtFloodFill, ExcludeClipRect, EnumFontsA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateFontIndirectA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceA
user32.dll: WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, SendNotifyMessageA, SendMessageTimeoutA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, AdjustWindowRectEx
comctl32.dll: ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls
ole32.dll: CoTaskMemFree, CLSIDFromProgID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll: GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, ExtractIconA
shell32.dll: SHChangeNotify, SHBrowseForFolder, SHGetPathFromIDList, SHGetMalloc
comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA
ole32.dll: CoDisconnectObject
advapi32.dll: AdjustTokenPrivileges

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 599552
EntryPoint: 0x933c0
FileDescription: Setup/Uninstall
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 693 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 51.50.0.0
FileVersionNumber: 51.50.0.0
ImageVersion: 6.0
InitializedDataSize: 131072
LanguageCode: Neutral
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
ObjectFileType: Executable application
PEType: PE32
ProductVersionNumber: 0.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0 [/SPOILER]

Das hier ist die zweite von VirusTotal.

Chris4You · 28.12.2011, 21:15

Hi,

Okay sieht sauber aus....
Kannst auch den MBRCheck vorziehen vor MAM, geht nicht so lange..

chris

DanyRibi · 28.12.2011, 21:28

Nachdem ich die Textdatei in OTL reinkopiert habe musste ich nach dem 'Fix' mein Laptop neu starten. Dann kam diese Textdatei
[SPOILER]All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2270642 bytes
->Temporary Internet Files folder emptied: 16993018 bytes
->Java cache emptied: 11327 bytes
->Google Chrome cache emptied: 340469915 bytes
->Flash cache emptied: 91886 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3596 bytes
RecycleBin emptied: 534599727 bytes

Total Files Cleaned = 853,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_212953

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.

Registry entries deleted on Reboot... [/SPOILER]

DanyRibi · 28.12.2011, 21:50

[SPOILER] MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5230
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 156):
0x82C54000 \SystemRoot\system32\ntkrnlpa.exe
0x82C1D000 \SystemRoot\system32\halmacpi.dll
0x80BA3000 \SystemRoot\system32\kdcom.dll
0x83213000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8328B000 \SystemRoot\system32\PSHED.dll
0x8329C000 \SystemRoot\system32\BOOTVID.dll
0x832A4000 \SystemRoot\system32\CLFS.SYS
0x832E6000 \SystemRoot\system32\CI.dll
0x8702C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8709D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x870AB000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x870F3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x870FC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x87104000 \SystemRoot\system32\DRIVERS\pci.sys
0x8712E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x87139000 \SystemRoot\System32\drivers\partmgr.sys
0x8714A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x87152000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8715D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8716D000 \SystemRoot\System32\drivers\volmgrx.sys
0x871B8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x871BF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x871CD000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x87000000 \SystemRoot\System32\drivers\mountmgr.sys
0x87016000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83391000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8701F000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x833B4000 \SystemRoot\system32\drivers\fltmgr.sys
0x87207000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMDS.SYS
0x8725E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8726F000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMEFA.SYS
0x87411000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87540000 \SystemRoot\System32\Drivers\msrpc.sys
0x8756B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8757E000 \SystemRoot\System32\Drivers\cng.sys
0x875DB000 \SystemRoot\System32\drivers\pcw.sys
0x875E9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x87313000 \SystemRoot\system32\drivers\ndis.sys
0x8762C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8766A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8768F000 \SystemRoot\System32\drivers\tcpip.sys
0x873CA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x877D8000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8780E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8784D000 \SystemRoot\System32\Drivers\spldr.sys
0x87855000 \SystemRoot\System32\drivers\rdyboost.sys
0x87882000 \SystemRoot\System32\Drivers\mup.sys
0x87892000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8789A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x878CC000 \SystemRoot\system32\DRIVERS\disk.sys
0x878DD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x87934000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87953000 \SystemRoot\System32\Drivers\Null.SYS
0x8795A000 \SystemRoot\System32\drivers\vga.sys
0x87966000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x87987000 \SystemRoot\System32\drivers\watchdog.sys
0x87994000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8799C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x879A4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x879AC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x879B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x879D3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x879EA000 \systemroot\system32\drivers\TDI.SYS
0x8CA2A000 \SystemRoot\system32\drivers\afd.sys
0x8CA84000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CAB6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8CABD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CADC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8CAED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CAFB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CB0E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CB1E000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMNETS.SYS
0x8CB6D000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8CB93000 \SystemRoot\system32\drivers\N360\0500000.07D\Ironx86.SYS
0x8CBB7000 \SystemRoot\system32\drivers\N360\0500000.07D\SRTSPX.SYS
0x8D015000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D056000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D060000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D06A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVix86.sys
0x8D0C5000 \SystemRoot\System32\drivers\discache.sys
0x8D0D1000 \SystemRoot\system32\drivers\csc.sys
0x8D135000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D14D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8C037000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
0x8E617000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EB14000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C0E3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8EBCB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C11C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBD6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C167000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C186000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8DA1C000 \SystemRoot\system32\DRIVERS\athr.sys
0x8DB2C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8DB36000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8DB4F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DB53000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DB6B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DB78000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DB85000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8DB8B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DB94000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DBA6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8DBB3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8DBC5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DBDD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C1C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DBE8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EBE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E600000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8DA17000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C000000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C1E4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D15B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D19F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D1B0000 \SystemRoot\system32\drivers\HdAudio.sys
0x8CBC2000 \SystemRoot\system32\drivers\portcls.sys
0x8CA00000 \SystemRoot\system32\drivers\drmk.sys
0x9363C000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
0x93679000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x93A3D000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x93AF2000 \SystemRoot\system32\drivers\modem.sys
0x93AFF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93B0C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x93B17000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93B20000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82600000 \SystemRoot\System32\win32k.sys
0x93B31000 \SystemRoot\System32\drivers\Dxapi.sys
0x93B3B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82860000 \SystemRoot\System32\TSDDD.dll
0x82890000 \SystemRoot\System32\cdd.dll
0x828B0000 \SystemRoot\System32\ATMFD.DLL
0x93B46000 \SystemRoot\system32\drivers\WudfPf.sys
0x93B60000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x93B70000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93BB6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93BC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x93BD9000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x93BE2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9377B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x937B6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x96E05000 \SystemRoot\system32\drivers\peauth.sys
0x96E9C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x96EA6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x96EB3000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0x96EB4000 \SystemRoot\System32\drivers\rdpdr.sys
0x96ED9000 \SystemRoot\system32\drivers\tdtcp.sys
0x96EE3000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x96EF0000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x96F21000 \SystemRoot\system32\drivers\HTTP.sys
0x77640000 \Windows\System32\ntdll.dll
0x483F0000 \Windows\System32\smss.exe
0x77880000 \Windows\System32\apisetschema.dll
0x00280000 \Windows\System32\autochk.exe

Processes (total 42):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
372 csrss.exe
424 C:\Windows\System32\wininit.exe
436 csrss.exe
492 C:\Windows\System32\winlogon.exe
532 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1376 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1408 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1452 C:\Program Files\Bonjour\mDNSResponder.exe
1484 C:\Windows\System32\svchost.exe
1572 C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
1596 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1700 C:\Windows\System32\dwm.exe
1716 C:\Windows\explorer.exe
1756 C:\Windows\System32\PSIService.exe
1804 C:\Windows\System32\svchost.exe
1872 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1924 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2020 C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
584 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
964 C:\Program Files\Common Files\Java\Java Update\jusched.exe
904 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
684 C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
2168 C:\Windows\System32\svchost.exe
2432 [/SPOILER]

Hier der MBR Check

DanyRibi · 28.12.2011, 22:00

Bin gerade dabei den Malwarebytes Fullscan durchzuführen...
Ich poste dann die .log-Datei hier rein.

Hast du schon etwas gefunden?

Wie lange dauert der Scan ca?

Chris4You · 28.12.2011, 22:30

Hi,

der MBRCheck ist abgeschnitten bitte packen und als Anhang reinhängen..

chris

DanyRibi · 28.12.2011, 22:59

Hier nochmal der MBR Check als .zip-Datei

"Mediashifting.com" Virus

Plagegeister aller Art und deren Bekämpfung: "Mediashifting.com" Virus