Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   "Mediashifting.com" Virus (https://www.trojaner-board.de/107112-mediashifting-com-virus.html)

DanyRibi 28.12.2011 18:53

"Mediashifting.com" Virus
 
Hello! :)

I have a problem with my laptop.
Whenever I search for something in Google and then click on a result link, I get redirected via "www.mediashifting.com" to various other pages.
Recently the link "www.95p.com" has started showing up as well.

How can I get rid of the virus?
Since I am a complete layperson, please describe step by step everything I should do.
Thanks in advance :D

Chris4You 28.12.2011 18:55

Hi,

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for updates")
Run a full scan and let it remove everything it finds! Post the log.

MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

chris

DanyRibi 28.12.2011 19:54

OTL Logfile:
Code:

OTL logfile created on: 28.12.2011 20:03:19 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 43,18% Memory free
1,93 Gb Paging File | 1,36 Gb Available in Paging File | 70,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,68 Gb Free Space | 53,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,31 Gb Free Space | 35,44% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Programme\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (tdx) -- C:\Windows\System32\drivers\tdx.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.11.28 13:36:02 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 18:27:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 22:39:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:05 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2011.12.19 11:16:05 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:35:10 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 03:03:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
[2011.12.06 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2B1F679-50D7-445C-9578-3B5E7AD63807}
[2011.12.06 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F495AC1-C1D4-4EEB-9787-D81E264494E7}
[2011.12.05 21:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.05 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.05 21:44:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.05 21:44:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.05 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A2F23C0-AFEF-4AEB-8881-0E7DC16E6140}
[2011.12.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E089A1A0-B25F-49A8-A8F8-C16F9C06DCEA}
[2011.12.04 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{15ED8E3F-517F-48FB-95F0-6D960EC85015}
[2011.12.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BB7597B2-858A-44DD-A98A-965C3D38C0C2}
[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}
[2011.12.03 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5389BE28-FACF-4142-B2AC-A1EE2D65BE42}
[2011.12.02 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C637353A-B56B-4A7F-BFDD-B8EFE4D5BDCC}
[2011.12.02 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{25A4F810-84C3-4DCD-9B21-EFDC53E26ADD}
[2011.12.02 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C93DE1B5-D585-4E35-A141-C222DEC630BE}
[2011.12.02 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F7D8078A-BCD1-4211-80CD-567BB113EAB9}
[2011.12.01 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{070B127A-96EF-4F2B-9A81-92BDDD4CC584}
[2011.12.01 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{52C31749-4BE9-43A1-8C6C-D339359FDCBE}
[2011.12.01 07:41:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{499F222A-AA6A-44A2-8EAE-B4DD012EC01B}
[2011.12.01 07:41:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A993F94E-AF14-46CD-8ACD-E77747B8337C}
[2011.12.01 07:40:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8CDFA72-8B35-475F-9B3A-722ABF4B3345}
[2011.11.30 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58770A29-F6FA-4901-9B3E-9E44FFA32B0A}
[2011.11.30 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1E312B3-2EF2-473B-99CE-828567F633E1}
[2011.11.30 07:19:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{839BA023-EB82-49A9-9FD5-F5F4673225C2}
[2011.11.29 14:51:59 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.29 14:17:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{65BD232A-781A-4D3D-92D7-6DF832361BEF}
[2011.11.29 14:16:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7FDC2215-D876-4950-86D1-7CFB14DFF7D1}
[2011.11.28 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B6A9BBE-26FE-4349-B724-217F576EDCF5}
[2011.11.28 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{98D9582E-13A6-4AD5-8652-20588D06FC7E}
[2011.11.28 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Tracing
[2011.11.28 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2011.11.28 20:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2011.11.28 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011.11.28 20:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.11.28 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2011.11.28 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.28 19:10:35 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 19:10:35 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 19:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 19:03:12 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.28 15:37:14 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.28 15:37:14 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 15:37:14 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.28 15:37:14 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.25 23:47:51 | 000,890,854 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 18:45:05 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.18 03:03:48 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:48 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 22:45:59 | 175,148,793 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
[2011.12.04 21:48:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.11.30 21:16:22 | 000,065,040 | ---- | M] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.29 17:30:25 | 000,000,355 | ---- | M] () -- C:\Users\Administrator\Desktop\Computer.lnk
[2011.11.29 16:45:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.11.29 14:51:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.28 20:52:34 | 000,001,964 | ---- | M] () -- C:\Users\Administrator\Desktop\SAM Broadcaster.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,890,854 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.04 21:50:59 | 000,002,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.12.04 21:12:04 | 175,148,793 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.30 21:13:13 | 000,065,040 | ---- | C] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.29 17:30:25 | 000,000,355 | ---- | C] () -- C:\Users\Administrator\Desktop\Computer.lnk
[2011.11.29 16:45:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.11.28 20:52:34 | 000,001,964 | ---- | C] () -- C:\Users\Administrator\Desktop\SAM Broadcaster.lnk
[2011.11.28 20:51:49 | 000,001,408 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.11.28 20:50:24 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:12:11 | 000,074,240 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation

< End of report >

--- --- ---


Here is the OTL.txt

DanyRibi 28.12.2011 19:56

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 28.12.2011 20:03:19 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 43,18% Memory free
1,93 Gb Paging File | 1,36 Gb Available in Paging File | 70,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,68 Gb Free Space | 53,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,31 Gb Free Space | 35,44% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 557251
 
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 557251
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 565846
 
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 565846
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 573288
 
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 573288
 
Error - 28.12.2011 14:03:47 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
[ System Events ]
Error - 28.12.2011 13:10:52 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1053
 
Error - 28.12.2011 13:29:49 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.12.2011 14:03:37 | Computer Name = FiFu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?12.?2011 um 18:51:27 unerwartet heruntergefahren.
 
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 iPod-Dienst erreicht.
 
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1053
 
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 MBAMService erreicht.
 
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1053
 
 
< End of report >

--- --- ---


Here is the Extras.txt

Chris4You 28.12.2011 20:13

Hi,

Please check the following files:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and select the following file(s):
Code:

C:\Windows\System32\drivers\tdx.sys
C:\Windows\unins000.exe

  • Now upload each file one after the other and wait until the scan is finished (this can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a post.
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = dword:0x00
"InternetSettingsDisableNotify" = dword:0x00
"AutoUpdateDisableNotify" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
    %systemroot%\_OTL

MBRCheck and MAM log still to come...

chris
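
As an added example (not from the thread and not part of OTL), a read-only PowerShell audit of the same Security Center values that the OTL fix script above resets to dword:0x00, so a defender can see whether notifications or monitoring have been switched off before deciding to run a fix. It assumes the key paths from the fix script (Windows 7, 32-bit) and PowerShell 2.0 or later.

```powershell
# Added example, not part of the thread or of OTL: read-only audit of the
# Security Center values that the OTL fix above resets to dword:0x00.
# A value of 1 means the notification or monitoring was switched off; if the
# user did not do that deliberately, it is worth investigating.
# Assumes the key paths from the fix script (Windows 7, 32-bit) and PowerShell 2.0+.

$base = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# Sub-key (relative to $base) -> value names that are 0 on an untampered host
$expected = @{
    '.'                            = @('UacDisableNotify', 'InternetSettingsDisableNotify', 'AutoUpdateDisableNotify')
    'Monitoring'                   = @('DisableMonitoring')
    'Monitoring\SymantecAntiVirus' = @('DisableMonitoring')
    'Monitoring\SymantecFirewall'  = @('DisableMonitoring')
}

function New-AuditRow($Key, $Name, $Data, $Status) {
    New-Object PSObject -Property @{ Key = $Key; Value = $Name; Data = $Data; Status = $Status }
}

function Get-SecurityCenterAudit {
    $rows = @()
    foreach ($sub in $expected.Keys) {
        $path = if ($sub -eq '.') { $base } else { Join-Path $base $sub }
        foreach ($name in $expected[$sub]) {
            if (-not (Test-Path -LiteralPath $path)) {
                $rows += New-AuditRow $path $name $null 'key missing'
                continue
            }
            # Get-ItemProperty returns nothing (no terminating error) when the value is absent
            $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
            if ($item -eq $null) {
                $rows += New-AuditRow $path $name $null 'value missing (treated as 0)'
            } elseif ([int]$item.$name -eq 0) {
                $rows += New-AuditRow $path $name $item.$name 'ok'
            } else {
                $rows += New-AuditRow $path $name $item.$name 'DISABLED - check'
            }
        }
    }
    $rows
}

$audit = Get-SecurityCenterAudit
$audit | Select-Object Key, Value, Data, Status | Format-Table -AutoSize
$flagged = @($audit | Where-Object { $_.Status -like 'DISABLED*' })
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} Security Center notification/monitoring value(s) are switched off." -f $flagged.Count)
}
```

Run it in an elevated PowerShell; the two Symantec sub-keys belong to the Norton 360 installation visible in the OTL log, and on a host without it the script simply reports them as missing.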

DanyRibi 28.12.2011 20:58

Quote:

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via this link:
hxxp://mbam.malwarebytes.org/program...-installer.php
Then please update the signature files ("Update" tab -> "Check for updates")
Full scan and let it clean everything! Post the log.

MBR-Check
Download hxxp://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
Double-click MBRCheck.exe.
Vista and Win7 users: right-click "Run as administrator"
The tool only takes a second.
Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

chris
Should I still carry out these steps anyway?

DanyRibi 28.12.2011 21:00

[SPOILER]Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.59 2011.12.28 -
Antiy-AVL 2.0.3.7 2011.12.28 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.28 -
BitDefender 7.2 2011.12.28 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.28 -
ClamAV 0.97.3.0 2011.12.28 -
Commtouch 5.3.2.6 2011.12.28 -
Comodo 11122 2011.12.28 -
DrWeb 5.0.2.03300 2011.12.28 -
Emsisoft 5.1.0.11 2011.12.28 -
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9650 2011.12.28 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.28 -
Fortinet 4.3.388.0 2011.12.28 -
GData 22.323/22.610 2011.12.28 -
Ikarus T3.1.1.109.0 2011.12.28 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.28 -
McAfee 5.400.0.1158 2011.12.28 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.28 -
NOD32 6750 2011.12.28 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-28.01 2011.12.28 -
Panda 10.0.3.5 2011.12.28 -
PCTools 8.0.0.5 2011.12.28 -
Prevx 3.0 2011.12.28 -
Rising 23.90.02.02 2011.12.28 -
Sophos 4.72.0 2011.12.28 -
SUPERAntiSpyware 4.40.0.1006 2011.12.27 -
Symantec 20111.2.0.82 2011.12.28 -
TheHacker 6.7.0.1.366 2011.12.27 -
TrendMicro 9.500.0.1008 2011.12.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.28 -
VBA32 3.12.16.4 2011.12.28 -
VIPRE 11317 2011.12.28 -
ViRobot 2011.12.28.4851 2011.12.28 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional information
MD5 : cb39e896a2a83702d1737bfd402b3542
SHA1 : 8b529b5c51c7bd0e7c5a4ff6b0e7a64abde649ce
SHA256: fa77d98ea3606ca2fcef0e0949fde2c32a080b47cafde46ce903ca3cbfc5df35
ssdeep: 1536:9klJmrevoqvFyQ9/ffrQWxo953f4kTPeV1i5/sqOJFdl5w8xJXO3O:OlN3sc5AQkie5/sp
JFdlq8x0e
File size : 74240 bytes
First seen: 2009-07-19 02:12:11
Last seen : 2011-12-28 19:51:34
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TDI Translation Driver
original name: tdx.sys
internal name: tdx.sys
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1303E
timedatestamp....: 0x4A5BBF4A (Mon Jul 13 23:12:10 2009)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xE8B3, 0xEA00, 6.41, 12b2ae36fea8454f6e82aff577dd708c
.rdata, 0x10000, 0x6EC, 0x800, 4.21, b80f2bcd1969979c6f9b482d727a021f
.data, 0x11000, 0x3A0, 0x200, 2.77, bc7cad3945605ccc34a21697e84021b3
PAGE, 0x12000, 0x4DC, 0x600, 5.27, ec945ab7bb158456785f47acb1c85d34
INIT, 0x13000, 0xCBC, 0xE00, 5.29, 9e8be2845d580dde6a1e865be349fcab
.rsrc, 0x14000, 0x3E8, 0x400, 3.36, f779ea3904cd7bbd404544e89e7218a8
.reloc, 0x15000, 0x100C, 0x1200, 6.18, d8ef5378864e86186167874ce25a9c07


ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 65024
CompanyName: Microsoft Corporation
EntryPoint: 0x1303e
FileDescription: TDI Translation Driver
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 72 kB
FileSubtype: 6
FileType: Win32 EXE
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 8704
InternalName: tdx.sys
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Driver
OriginalFilename: tdx.sys
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Native
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 01:12:10+02:00
UninitializedDataSize: 0 [/SPOILER]

This here is the first one from VirusTotal

Chris4You 28.12.2011 21:02

Hi,

Yes, definitely...
Post the log of the second file as well...

chris

DanyRibi 28.12.2011 21:05

[SPOILER] Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.59 2011.12.28 -
Antiy-AVL 2.0.3.7 2011.12.28 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.28 -
BitDefender 7.2 2011.12.28 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.28 -
ClamAV 0.97.3.0 2011.12.28 -
Commtouch 5.3.2.6 2011.12.28 -
Comodo 11122 2011.12.28 -
DrWeb 5.0.2.03300 2011.12.28 -
Emsisoft 5.1.0.11 2011.12.28 -
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9650 2011.12.28 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.28 -
Fortinet 4.3.388.0 2011.12.28 -
GData 22 2011.12.28 -
Ikarus T3.1.1.109.0 2011.12.28 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.28 -
McAfee 5.400.0.1158 2011.12.28 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.28 -
NOD32 6750 2011.12.28 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-28.01 2011.12.28 -
Panda 10.0.3.5 2011.12.28 -
PCTools 8.0.0.5 2011.12.28 -
Prevx 3.0 2011.12.28 -
Rising 23.90.02.02 2011.12.28 -
Sophos 4.72.0 2011.12.28 -
SUPERAntiSpyware 4.40.0.1006 2011.12.27 -
Symantec 20111.2.0.82 2011.12.28 -
TheHacker 6.7.0.1.366 2011.12.27 -
TrendMicro 9.500.0.1008 2011.12.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.28 -
VBA32 3.12.16.4 2011.12.28 -
VIPRE 11317 2011.12.28 -
ViRobot 2011.12.28.4851 2011.12.28 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional information
MD5 : 42669885e097c23ab7e7ac6fb00abc42
SHA1 : e70089fbbc32bf0a6b8ad7d70e84ade0427e245d
SHA256: fabe121dd06046f9329b37e9fbe1324dfc6de48f8c24a00591d4f4e97851ed89
ssdeep: 12288:i0QfKb7nH5lrPo37AzHTA63I0ihE4qE7prN9cgKARpkZXYnXExy8gs9g:SfKbT5lrPo37
AzHTA63/cfqAcgKckZIh
File size : 709724 bytes
First seen: 2010-02-13 08:55:13
Last seen : 2011-12-28 19:56:03
TrID:
Windows OCX File (86.8%)
Win32 Executable Delphi generic (10.3%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: Setup/Uninstall
original name: n/a
internal name: n/a
file version.: 51.50.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x933C0
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x925F8, 0x92600, 6.58, 950e9bffdff8b1afc7f81fed8584f3b1
DATA, 0x94000, 0x103C, 0x1200, 4.11, cddbf029146d500daccb5db3f93f79b3
BSS, 0x96000, 0x1488, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x98000, 0x25A4, 0x2600, 5.03, 466bb5755f9b35bcf5c5ea65669d018f
.tls, 0x9B000, 0x8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x9C000, 0x18, 0x200, 0.20, c69afab126bf434e49f23fb46e4baac7
.reloc, 0x9D000, 0x8730, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0xA6000, 0x13E00, 0x13E00, 4.93, c5b5704710f4d4cb1f72326efbb96735


ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 599552
EntryPoint: 0x933c0
FileDescription: Setup/Uninstall
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 693 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 51.50.0.0
FileVersionNumber: 51.50.0.0
ImageVersion: 6.0
InitializedDataSize: 131072
LanguageCode: Neutral
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
ObjectFileType: Executable application
PEType: PE32
ProductVersionNumber: 0.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0 [/SPOILER]

This here is the second one from VirusTotal.

Chris4You 28.12.2011 21:15

Hi,

Okay, looks clean....
You can also run MBRCheck before MAM, it does not take as long..

chris

DanyRibi 28.12.2011 21:28

After I pasted the text into OTL, I had to restart my laptop after the 'Fix'. Then this text file came up
[SPOILER]All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2270642 bytes
->Temporary Internet Files folder emptied: 16993018 bytes
->Java cache emptied: 11327 bytes
->Google Chrome cache emptied: 340469915 bytes
->Flash cache emptied: 91886 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3596 bytes
RecycleBin emptied: 534599727 bytes

Total Files Cleaned = 853,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12282011_212953

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.

Registry entries deleted on Reboot... [/SPOILER]

DanyRibi 28.12.2011 21:50

[SPOILER] MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5230
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 156):
0x82C54000 \SystemRoot\system32\ntkrnlpa.exe
0x82C1D000 \SystemRoot\system32\halmacpi.dll
0x80BA3000 \SystemRoot\system32\kdcom.dll
0x83213000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8328B000 \SystemRoot\system32\PSHED.dll
0x8329C000 \SystemRoot\system32\BOOTVID.dll
0x832A4000 \SystemRoot\system32\CLFS.SYS
0x832E6000 \SystemRoot\system32\CI.dll
0x8702C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8709D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x870AB000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x870F3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x870FC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x87104000 \SystemRoot\system32\DRIVERS\pci.sys
0x8712E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x87139000 \SystemRoot\System32\drivers\partmgr.sys
0x8714A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x87152000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8715D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8716D000 \SystemRoot\System32\drivers\volmgrx.sys
0x871B8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x871BF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x871CD000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x87000000 \SystemRoot\System32\drivers\mountmgr.sys
0x87016000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83391000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8701F000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x833B4000 \SystemRoot\system32\drivers\fltmgr.sys
0x87207000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMDS.SYS
0x8725E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8726F000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMEFA.SYS
0x87411000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87540000 \SystemRoot\System32\Drivers\msrpc.sys
0x8756B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8757E000 \SystemRoot\System32\Drivers\cng.sys
0x875DB000 \SystemRoot\System32\drivers\pcw.sys
0x875E9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x87313000 \SystemRoot\system32\drivers\ndis.sys
0x8762C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8766A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8768F000 \SystemRoot\System32\drivers\tcpip.sys
0x873CA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x877D8000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8780E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8784D000 \SystemRoot\System32\Drivers\spldr.sys
0x87855000 \SystemRoot\System32\drivers\rdyboost.sys
0x87882000 \SystemRoot\System32\Drivers\mup.sys
0x87892000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8789A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x878CC000 \SystemRoot\system32\DRIVERS\disk.sys
0x878DD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x87934000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87953000 \SystemRoot\System32\Drivers\Null.SYS
0x8795A000 \SystemRoot\System32\drivers\vga.sys
0x87966000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x87987000 \SystemRoot\System32\drivers\watchdog.sys
0x87994000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8799C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x879A4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x879AC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x879B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x879D3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x879EA000 \systemroot\system32\drivers\TDI.SYS
0x8CA2A000 \SystemRoot\system32\drivers\afd.sys
0x8CA84000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CAB6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8CABD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CADC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8CAED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CAFB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CB0E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CB1E000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMNETS.SYS
0x8CB6D000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8CB93000 \SystemRoot\system32\drivers\N360\0500000.07D\Ironx86.SYS
0x8CBB7000 \SystemRoot\system32\drivers\N360\0500000.07D\SRTSPX.SYS
0x8D015000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D056000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D060000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D06A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVix86.sys
0x8D0C5000 \SystemRoot\System32\drivers\discache.sys
0x8D0D1000 \SystemRoot\system32\drivers\csc.sys
0x8D135000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D14D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8C037000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
0x8E617000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EB14000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C0E3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8EBCB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C11C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBD6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C167000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C186000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8DA1C000 \SystemRoot\system32\DRIVERS\athr.sys
0x8DB2C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8DB36000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8DB4F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DB53000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DB6B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DB78000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DB85000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8DB8B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DB94000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DBA6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8DBB3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8DBC5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DBDD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C1C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DBE8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EBE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E600000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8DA17000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C000000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C1E4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D15B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D19F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D1B0000 \SystemRoot\system32\drivers\HdAudio.sys
0x8CBC2000 \SystemRoot\system32\drivers\portcls.sys
0x8CA00000 \SystemRoot\system32\drivers\drmk.sys
0x9363C000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
0x93679000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x93A3D000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x93AF2000 \SystemRoot\system32\drivers\modem.sys
0x93AFF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93B0C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x93B17000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93B20000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82600000 \SystemRoot\System32\win32k.sys
0x93B31000 \SystemRoot\System32\drivers\Dxapi.sys
0x93B3B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82860000 \SystemRoot\System32\TSDDD.dll
0x82890000 \SystemRoot\System32\cdd.dll
0x828B0000 \SystemRoot\System32\ATMFD.DLL
0x93B46000 \SystemRoot\system32\drivers\WudfPf.sys
0x93B60000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x93B70000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93BB6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93BC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x93BD9000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x93BE2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9377B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x937B6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x96E05000 \SystemRoot\system32\drivers\peauth.sys
0x96E9C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x96EA6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x96EB3000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0x96EB4000 \SystemRoot\System32\drivers\rdpdr.sys
0x96ED9000 \SystemRoot\system32\drivers\tdtcp.sys
0x96EE3000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x96EF0000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x96F21000 \SystemRoot\system32\drivers\HTTP.sys
0x77640000 \Windows\System32\ntdll.dll
0x483F0000 \Windows\System32\smss.exe
0x77880000 \Windows\System32\apisetschema.dll
0x00280000 \Windows\System32\autochk.exe

Processes (total 42):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
372 csrss.exe
424 C:\Windows\System32\wininit.exe
436 csrss.exe
492 C:\Windows\System32\winlogon.exe
532 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1376 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1408 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1452 C:\Program Files\Bonjour\mDNSResponder.exe
1484 C:\Windows\System32\svchost.exe
1572 C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
1596 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1700 C:\Windows\System32\dwm.exe
1716 C:\Windows\explorer.exe
1756 C:\Windows\System32\PSIService.exe
1804 C:\Windows\System32\svchost.exe
1872 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1924 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2020 C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
584 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
964 C:\Program Files\Common Files\Java\Java Update\jusched.exe
904 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
684 C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
2168 C:\Windows\System32\svchost.exe
2432 [/SPOILER]

Here is the MBR Check :)

DanyRibi 28.12.2011 22:00

I'm running the Malwarebytes full scan right now...
I'll post the .log file here afterwards.

Have you found anything yet? :)
Roughly how long does the scan take?

Chris4You 28.12.2011 22:30

Hi,

the MBRCheck is cut off, please zip it and attach it..

chris

DanyRibi 28.12.2011 22:59

Here is the MBR Check again as a .zip file

Chris4You 28.12.2011 23:04

Hi,

almost good, either the log stops abruptly (which is not a good sign), or you didn't copy all of it...

2168 C:\Windows\System32\svchost.exe
2432

After MAM:
TDSS-Killer
Download and instructions at: "Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?" (How to remove malware of the Rootkit.Win32.TDSS family)
Extract all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts a window appears; click "Start Scan" there.
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

I suspect a rootkit...

chris

DanyRibi 28.12.2011 23:09

I ran a full scan with Malwarebytes twice.
One today (28.12) and one the day before yesterday (26.12); I'll post them here..

This is the one from the 26th.
[SPOILER]Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122604

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.12.2011 22:36:37
mbam-log-2011-12-26 (22-36-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 286165
Laufzeit: 1 Stunde(n), 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=16d49936-2114-11e1-a3d6-001d72dac89a) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\X (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\U\00000001.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\U\800000cf.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Delete on reboot.
d:\programme\tuneup media v1.1.9 (itunes plugin)\tuneupmedia_fix.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
d:\programme\norton 360 with crack\1box_ntr2011.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.[/SPOILER]

DanyRibi 28.12.2011 23:11

should I run the MBR Check again?

Regards, DanyRibi

DanyRibi 28.12.2011 23:12

... and here is the MAM from 28.12 again

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.28.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: FIFU-PC [Administrator]

Schutz: Deaktiviert

28.12.2011 22:20:25
mbam-log-2011-12-28 (22-20-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 286377
Laufzeit: 45 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Avenger\Desktop.ini (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.

(Ende)
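What the helper is reading out of these two scans is not the detection count but the comparison: the same file (C:\Windows\assembly\GAC_MSIL\Desktop.ini, Rootkit.0Access) is marked "Delete on reboot" on 26.12 and shows up again on 28.12, so something still active is re-creating it. The following Python script is an added example, not code from the thread or from Malwarebytes: it parses MBAM detection lines in the English and German wording used in the two logs above, counts threat families, and reports items that survive from one scan to the next or were deferred to reboot. The log excerpts are copied from the posts; the function names (`parse_mbam_log`, `persistent_items`, `triage`) are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpts of the two Malwarebytes logs posted in the thread
# (26.12.2011 and 28.12.2011); only some detection lines are reproduced,
# with the item/family/action wording exactly as those logs print it.
MBAM_LOG_26 = r"""
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\U\00000001.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Delete on reboot.
"""

MBAM_LOG_28 = r"""
Infizierte Dateien: 2
C:\Avenger\Desktop.ini (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.
"""

# One detection line: "<item> (<Family.Name>) -> ... -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")

# Actions (English and German MBAM wording) that mean the object was still
# locked or in use and removal was postponed to the next reboot.
DEFERRED_ACTIONS = {"delete on reboot", "löschen bei neustart"}


@dataclass(frozen=True)
class Detection:
    item: str        # file path or registry key/value as logged
    family: str      # MBAM threat family, e.g. Rootkit.0Access
    action: str      # final action text, trailing period removed
    deferred: bool   # True when removal was postponed to reboot

    @property
    def key(self) -> str:
        # Windows paths and registry keys are case-insensitive
        return self.item.lower()


def parse_mbam_log(text: str) -> list[Detection]:
    """Extract detection lines from an MBAM log; section headers and counts are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        # the last "->" segment is the action; earlier ones carry Value:/Bad:/Good: details
        action = m.group("rest").split(" -> ")[-1].strip().rstrip(".")
        found.append(Detection(
            item=m.group("item"),
            family=m.group("family"),
            action=action,
            deferred=action.lower() in DEFERRED_ACTIONS,
        ))
    return found


def family_summary(detections: list[Detection]) -> Counter:
    """Count detections per threat family."""
    return Counter(d.family for d in detections)


def persistent_items(earlier: list[Detection], later: list[Detection]) -> list[str]:
    """Items reported in both scans: removal did not stick, something re-creates them."""
    earlier_keys = {d.key for d in earlier}
    return sorted(d.key for d in later if d.key in earlier_keys)


def triage(earlier: list[Detection], later: list[Detection]) -> dict:
    """What to look at first when comparing two scans of the same machine."""
    return {
        "rootkit_families": sorted({d.family for d in earlier + later
                                    if d.family.startswith(("Rootkit.", "Backdoor."))}),
        "deferred_in_latest": [d.item for d in later if d.deferred],
        "persistent": persistent_items(earlier, later),
    }


if __name__ == "__main__":
    scan_26 = parse_mbam_log(MBAM_LOG_26)
    scan_28 = parse_mbam_log(MBAM_LOG_28)
    print(family_summary(scan_26))
    for name, value in triage(scan_26, scan_28).items():
        print(f"{name}: {value}")
```

A non-empty "persistent" list combined with a Rootkit./Backdoor. family is exactly the pattern the helper reacts to in the next posts: the scanner cannot remove what a kernel-mode component keeps restoring, so a dedicated rootkit tool is the next step rather than another full scan.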

DanyRibi 28.12.2011 23:27

View attachments (count: 1)
TDSS Killer now shows the following:

What should I do?

Chris4You 28.12.2011 23:43

Hi,

yes, that's what I expected; mbrcheck should have found it too...
Definitely have it removed!

chris

DanyRibi 28.12.2011 23:46

ok. done. you'll get the .log file in a moment

DanyRibi 28.12.2011 23:54

here is the .log file from TDSS Killer

[SPOILER]23:43:45.0089 1944 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:43:45.0323 1944 ============================================================
23:43:45.0323 1944 Current date / time: 2011/12/28 23:43:45.0323
23:43:45.0323 1944 SystemInfo:
23:43:45.0323 1944
23:43:45.0323 1944 OS Version: 6.1.7600 ServicePack: 0.0
23:43:45.0323 1944 Product type: Workstation
23:43:45.0323 1944 ComputerName: FIFU-PC
23:43:45.0323 1944 UserName: Administrator
23:43:45.0323 1944 Windows directory: C:\Windows
23:43:45.0323 1944 System windows directory: C:\Windows
23:43:45.0323 1944 Processor architecture: Intel x86
23:43:45.0323 1944 Number of processors: 1
23:43:45.0323 1944 Page size: 0x1000
23:43:45.0323 1944 Boot type: Normal boot
23:43:45.0323 1944 ============================================================
23:43:46.0914 1944 Initialize success
23:43:58.0598 3056 ============================================================
23:43:58.0598 3056 Scan started
23:43:58.0598 3056 Mode: Manual;
23:43:58.0598 3056 ============================================================
23:44:00.0501 3056 .tdx - ok
23:44:00.0876 3056 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:44:00.0876 3056 1394ohci - ok
23:44:01.0235 3056 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
23:44:01.0250 3056 ACPI - ok
23:44:01.0609 3056 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
23:44:01.0609 3056 AcpiPmi - ok
23:44:02.0046 3056 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:44:02.0077 3056 adp94xx - ok
23:44:02.0451 3056 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:44:02.0451 3056 adpahci - ok
23:44:02.0826 3056 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:44:02.0826 3056 adpu320 - ok
23:44:03.0247 3056 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
23:44:03.0278 3056 AFD - ok
23:44:03.0637 3056 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
23:44:03.0637 3056 agp440 - ok
23:44:03.0996 3056 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:44:03.0996 3056 aic78xx - ok
23:44:04.0386 3056 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
23:44:04.0386 3056 aliide - ok
23:44:04.0776 3056 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
23:44:04.0776 3056 amdagp - ok
23:44:05.0181 3056 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
23:44:05.0181 3056 amdide - ok
23:44:05.0556 3056 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:44:05.0556 3056 AmdK8 - ok
23:44:05.0930 3056 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:44:05.0930 3056 AmdPPM - ok
23:44:06.0554 3056 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
23:44:06.0554 3056 amdsata - ok
23:44:06.0913 3056 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:44:06.0913 3056 amdsbs - ok
23:44:07.0272 3056 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
23:44:07.0272 3056 amdxata - ok
23:44:07.0631 3056 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
23:44:07.0631 3056 AppID - ok
23:44:08.0036 3056 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:44:08.0036 3056 arc - ok
23:44:08.0426 3056 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:44:08.0426 3056 arcsas - ok
23:44:08.0816 3056 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:44:08.0816 3056 AsyncMac - ok
23:44:09.0206 3056 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
23:44:09.0206 3056 atapi - ok
23:44:09.0674 3056 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
23:44:09.0705 3056 athr - ok
23:44:10.0127 3056 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:44:10.0127 3056 b06bdrv - ok
23:44:10.0532 3056 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:44:10.0532 3056 b57nd60x - ok
23:44:10.0797 3056 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
23:44:10.0829 3056 BHDrvx86 - ok
23:44:11.0187 3056 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:44:11.0187 3056 blbdrive - ok
23:44:11.0593 3056 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
23:44:11.0593 3056 bowser - ok
23:44:11.0967 3056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:44:11.0967 3056 BrFiltLo - ok
23:44:12.0311 3056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:44:12.0326 3056 BrFiltUp - ok
23:44:12.0732 3056 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:44:12.0732 3056 Brserid - ok
23:44:13.0122 3056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:44:13.0122 3056 BrSerWdm - ok
23:44:13.0496 3056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:44:13.0496 3056 BrUsbMdm - ok
23:44:13.0839 3056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:44:13.0839 3056 BrUsbSer - ok
23:44:14.0245 3056 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
23:44:14.0245 3056 BthEnum - ok
23:44:14.0619 3056 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:44:14.0619 3056 BTHMODEM - ok
23:44:14.0994 3056 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
23:44:14.0994 3056 BthPan - ok
23:44:15.0415 3056 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
23:44:15.0431 3056 BTHPORT - ok
23:44:15.0805 3056 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
23:44:15.0805 3056 BTHUSB - ok
23:44:16.0195 3056 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:44:16.0195 3056 cdfs - ok
23:44:16.0569 3056 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
23:44:16.0569 3056 cdrom - ok
23:44:16.0944 3056 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:44:16.0944 3056 circlass - ok
23:44:17.0225 3056 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:44:17.0225 3056 CLFS - ok
23:44:17.0583 3056 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:44:17.0583 3056 CmBatt - ok
23:44:17.0958 3056 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
23:44:17.0958 3056 cmdide - ok
23:44:18.0317 3056 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
23:44:18.0332 3056 CNG - ok
23:44:18.0707 3056 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:44:18.0707 3056 Compbatt - ok
23:44:19.0050 3056 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:44:19.0065 3056 CompositeBus - ok
23:44:19.0455 3056 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:44:19.0455 3056 crcdisk - ok
23:44:19.0877 3056 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
23:44:19.0908 3056 CSC - ok
23:44:20.0298 3056 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
23:44:20.0298 3056 DfsC - ok
23:44:20.0735 3056 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:44:20.0735 3056 discache - ok
23:44:21.0125 3056 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:44:21.0125 3056 Disk - ok
23:44:21.0530 3056 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:44:21.0530 3056 drmkaud - ok
23:44:21.0951 3056 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
23:44:21.0983 3056 DXGKrnl - ok
23:44:22.0419 3056 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:44:22.0513 3056 ebdrv - ok
23:44:22.0934 3056 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:44:22.0965 3056 elxstor - ok
23:44:23.0340 3056 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
23:44:23.0340 3056 ErrDev - ok
23:44:23.0730 3056 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:44:23.0730 3056 exfat - ok
23:44:24.0104 3056 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:44:24.0104 3056 fastfat - ok
23:44:24.0479 3056 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:44:24.0479 3056 fdc - ok
23:44:24.0869 3056 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:44:24.0884 3056 FileInfo - ok
23:44:25.0259 3056 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:44:25.0259 3056 Filetrace - ok
23:44:25.0649 3056 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:44:25.0649 3056 flpydisk - ok
23:44:26.0054 3056 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:44:26.0070 3056 FltMgr - ok
23:44:26.0460 3056 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:44:26.0460 3056 FsDepends - ok
23:44:26.0865 3056 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:44:26.0865 3056 Fs_Rec - ok
23:44:27.0271 3056 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
23:44:27.0271 3056 fvevol - ok
23:44:27.0630 3056 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:44:27.0630 3056 gagp30kx - ok
23:44:28.0035 3056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:44:28.0035 3056 GEARAspiWDM - ok
23:44:28.0457 3056 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
23:44:28.0457 3056 ggflt - ok
23:44:28.0831 3056 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
23:44:28.0831 3056 ggsemc - ok
23:44:29.0221 3056 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:44:29.0221 3056 hcw85cir - ok
23:44:29.0611 3056 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:44:29.0642 3056 HdAudAddService - ok
23:44:30.0032 3056 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:44:30.0048 3056 HDAudBus - ok
23:44:30.0423 3056 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:44:30.0423 3056 HidBatt - ok
23:44:30.0860 3056 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:44:30.0860 3056 HidBth - ok
23:44:31.0250 3056 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:44:31.0250 3056 HidIr - ok
23:44:31.0624 3056 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:44:31.0624 3056 HidUsb - ok
23:44:32.0014 3056 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:44:32.0014 3056 HpSAMD - ok
23:44:32.0436 3056 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:44:32.0482 3056 HTTP - ok
23:44:32.0857 3056 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:44:32.0857 3056 hwpolicy - ok
23:44:33.0231 3056 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:44:33.0231 3056 i8042prt - ok
23:44:33.0652 3056 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
23:44:33.0668 3056 iaStorV - ok
23:44:33.0902 3056 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVix86.sys
23:44:33.0902 3056 IDSVix86 - ok
23:44:34.0417 3056 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:44:34.0526 3056 igfx - ok
23:44:34.0900 3056 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:44:34.0900 3056 iirsp - ok
23:44:35.0259 3056 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:44:35.0259 3056 intelide - ok
23:44:35.0634 3056 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:44:35.0634 3056 intelppm - ok
23:44:36.0024 3056 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:44:36.0024 3056 IpFilterDriver - ok
23:44:36.0367 3056 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:44:36.0382 3056 IPMIDRV - ok
23:44:36.0741 3056 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:44:36.0741 3056 IPNAT - ok
23:44:37.0131 3056 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:44:37.0147 3056 IRENUM - ok
23:44:37.0521 3056 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:44:37.0521 3056 isapnp - ok
23:44:37.0911 3056 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:44:37.0927 3056 iScsiPrt - ok
23:44:38.0301 3056 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:44:38.0317 3056 kbdclass - ok
23:44:38.0676 3056 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
23:44:38.0676 3056 kbdhid - ok
23:44:39.0066 3056 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
23:44:39.0066 3056 KSecDD - ok
23:44:39.0424 3056 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
23:44:39.0440 3056 KSecPkg - ok
23:44:39.0846 3056 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:44:39.0846 3056 lltdio - ok
23:44:40.0251 3056 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:44:40.0267 3056 LSI_FC - ok
23:44:40.0641 3056 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:44:40.0641 3056 LSI_SAS - ok
23:44:41.0031 3056 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:44:41.0031 3056 LSI_SAS2 - ok
23:44:41.0406 3056 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:44:41.0406 3056 LSI_SCSI - ok
23:44:41.0983 3056 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
23:44:42.0030 3056 MBAMProtector - ok
23:44:42.0435 3056 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:44:42.0435 3056 megasas - ok
23:44:42.0825 3056 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:44:42.0825 3056 MegaSR - ok
23:44:43.0215 3056 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:44:43.0215 3056 Modem - ok
23:44:43.0590 3056 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:44:43.0590 3056 monitor - ok
23:44:43.0948 3056 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:44:43.0948 3056 mouclass - ok
23:44:44.0338 3056 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:44:44.0338 3056 mouhid - ok
23:44:44.0697 3056 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
23:44:44.0713 3056 mountmgr - ok
23:44:45.0072 3056 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
23:44:45.0072 3056 mpio - ok
23:44:45.0430 3056 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:44:45.0430 3056 mpsdrv - ok
23:44:45.0867 3056 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
23:44:45.0867 3056 MRxDAV - ok
23:44:46.0257 3056 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:44:46.0257 3056 mrxsmb - ok
23:44:46.0663 3056 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:44:46.0678 3056 mrxsmb10 - ok
23:44:47.0068 3056 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:44:47.0068 3056 mrxsmb20 - ok
23:44:47.0427 3056 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
23:44:47.0427 3056 msahci - ok
23:44:47.0786 3056 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
23:44:47.0802 3056 msdsm - ok
23:44:48.0176 3056 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:44:48.0176 3056 Msfs - ok
23:44:48.0566 3056 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:44:48.0566 3056 mshidkmdf - ok
23:44:48.0972 3056 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
23:44:48.0972 3056 msisadrv - ok
23:44:49.0362 3056 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:44:49.0362 3056 MSKSSRV - ok
23:44:49.0798 3056 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:44:49.0798 3056 MSPCLOCK - ok
23:44:50.0157 3056 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:44:50.0157 3056 MSPQM - ok
23:44:50.0547 3056 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:44:50.0547 3056 MsRPC - ok
23:44:50.0906 3056 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
23:44:50.0906 3056 mssmbios - ok
23:44:51.0280 3056 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:44:51.0280 3056 MSTEE - ok
23:44:51.0670 3056 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:44:51.0670 3056 MTConfig - ok
23:44:52.0060 3056 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:44:52.0060 3056 Mup - ok
23:44:52.0544 3056 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:44:52.0544 3056 NativeWifiP - ok
23:44:52.0809 3056 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS
23:44:52.0809 3056 NAVENG - ok
23:44:52.0903 3056 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS
23:44:52.0934 3056 NAVEX15 - ok
23:44:53.0308 3056 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
23:44:53.0324 3056 NDIS - ok
23:44:53.0683 3056 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:44:53.0683 3056 NdisCap - ok
23:44:54.0073 3056 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:44:54.0073 3056 NdisTapi - ok
23:44:54.0463 3056 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
23:44:54.0463 3056 Ndisuio - ok
23:44:54.0868 3056 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
23:44:54.0868 3056 NdisWan - ok
23:44:55.0305 3056 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
23:44:55.0305 3056 NDProxy - ok
23:44:55.0680 3056 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:44:55.0680 3056 NetBIOS - ok
23:44:56.0070 3056 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
23:44:56.0085 3056 NetBT - ok
23:44:56.0506 3056 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:44:56.0506 3056 nfrd960 - ok
23:44:56.0881 3056 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:44:56.0896 3056 Npfs - ok
23:44:57.0271 3056 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:44:57.0286 3056 nsiproxy - ok
23:44:57.0770 3056 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
23:44:57.0832 3056 Ntfs - ok
23:44:58.0176 3056 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:44:58.0176 3056 Null - ok
23:44:58.0566 3056 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
23:44:58.0566 3056 nvraid - ok
23:44:58.0956 3056 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
23:44:58.0956 3056 nvstor - ok
23:44:59.0392 3056 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
23:44:59.0408 3056 nv_agp - ok
23:45:00.0422 3056 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
23:45:00.0516 3056 ohci1394 - ok
23:45:00.0952 3056 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:45:00.0968 3056 Parport - ok
23:45:01.0452 3056 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
23:45:01.0467 3056 partmgr - ok
23:45:01.0826 3056 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:45:01.0826 3056 Parvdm - ok
23:45:02.0341 3056 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
23:45:02.0341 3056 pci - ok
23:45:02.0715 3056 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
23:45:02.0715 3056 pciide - ok
23:45:03.0105 3056 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:45:03.0105 3056 pcmcia - ok
23:45:03.0480 3056 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:45:03.0480 3056 pcw - ok
23:45:03.0932 3056 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:45:03.0979 3056 PEAUTH - ok
23:45:04.0977 3056 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:45:04.0977 3056 PptpMiniport - ok
23:45:05.0648 3056 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:45:05.0726 3056 Processor - ok
23:45:06.0241 3056 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:45:06.0256 3056 Psched - ok
23:45:06.0771 3056 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:45:06.0896 3056 ql2300 - ok
23:45:07.0270 3056 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:45:07.0270 3056 ql40xx - ok
23:45:08.0456 3056 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:45:08.0456 3056 QWAVEdrv - ok
23:45:08.0908 3056 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:45:08.0908 3056 RasAcd - ok
23:45:10.0359 3056 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:45:10.0359 3056 RasAgileVpn - ok
23:45:10.0749 3056 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:45:10.0765 3056 Rasl2tp - ok
23:45:11.0155 3056 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:45:11.0155 3056 RasPppoe - ok
23:45:11.0545 3056 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:45:11.0545 3056 RasSstp - ok
23:45:12.0028 3056 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
23:45:12.0028 3056 rdbss - ok
23:45:12.0543 3056 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:45:12.0559 3056 rdpbus - ok
23:45:12.0918 3056 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:45:12.0918 3056 RDPCDD - ok
23:45:13.0432 3056 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
23:45:13.0432 3056 RDPDR - ok
23:45:13.0900 3056 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:45:13.0994 3056 RDPENCDD - ok
23:45:14.0712 3056 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:45:14.0727 3056 RDPREFMP - ok
23:45:16.0287 3056 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
23:45:16.0287 3056 RDPWD - ok
23:45:16.0677 3056 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
23:45:16.0677 3056 rdyboost - ok
23:45:17.0098 3056 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
23:45:17.0098 3056 RFCOMM - ok
23:45:17.0504 3056 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:45:17.0504 3056 rspndr - ok
23:45:17.0863 3056 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
23:45:17.0863 3056 s3cap - ok
23:45:18.0268 3056 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
23:45:18.0268 3056 sbp2port - ok
23:45:18.0643 3056 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
23:45:18.0643 3056 scfilter - ok
23:45:19.0064 3056 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
23:45:19.0064 3056 sdbus - ok
23:45:19.0438 3056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:45:19.0438 3056 secdrv - ok
23:45:19.0828 3056 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:45:19.0828 3056 Serenum - ok
23:45:20.0250 3056 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:45:20.0250 3056 Serial - ok
23:45:20.0640 3056 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:45:20.0640 3056 sermouse - ok
23:45:21.0014 3056 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
23:45:21.0014 3056 sffdisk - ok
23:45:21.0576 3056 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:45:21.0576 3056 sffp_mmc - ok
23:45:22.0044 3056 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:45:22.0044 3056 sffp_sd - ok
23:45:22.0387 3056 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:45:22.0449 3056 sfloppy - ok
23:45:22.0933 3056 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
23:45:22.0933 3056 sisagp - ok
23:45:27.0082 3056 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:45:27.0098 3056 SiSRaid2 - ok
23:45:29.0267 3056 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:45:29.0391 3056 SiSRaid4 - ok
23:45:29.0953 3056 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:45:29.0953 3056 Smb - ok
23:45:30.0343 3056 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:45:30.0343 3056 spldr - ok
23:45:30.0873 3056 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS
23:45:30.0889 3056 SRTSP - ok
23:45:31.0326 3056 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS
23:45:31.0326 3056 SRTSPX - ok
23:45:31.0716 3056 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
23:45:31.0731 3056 srv - ok
23:45:32.0121 3056 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
23:45:32.0121 3056 srv2 - ok
23:45:32.0527 3056 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:45:32.0543 3056 SrvHsfHDA - ok
23:45:32.0917 3056 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:45:32.0948 3056 SrvHsfV92 - ok
23:45:33.0354 3056 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:45:33.0369 3056 SrvHsfWinac - ok
23:45:33.0759 3056 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
23:45:33.0759 3056 srvnet - ok
23:45:34.0181 3056 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:45:34.0181 3056 stexstor - ok
23:45:34.0539 3056 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:45:34.0539 3056 storflt - ok
23:45:34.0898 3056 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
23:45:34.0898 3056 storvsc - ok
23:45:35.0257 3056 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
23:45:35.0257 3056 swenum - ok
23:45:35.0756 3056 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS
23:45:35.0772 3056 SymDS - ok
23:45:36.0255 3056 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS
23:45:36.0271 3056 SymEFA - ok
23:45:36.0661 3056 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
23:45:36.0661 3056 SymEvent - ok
23:45:37.0129 3056 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS
23:45:37.0129 3056 SymIRON - ok
23:45:37.0597 3056 SymNetS (d4636a051890a92d1c8c2d9e7a5c8381) C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS
23:45:37.0597 3056 SymNetS - ok
23:45:38.0049 3056 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
23:45:38.0081 3056 Tcpip - ok
23:45:38.0471 3056 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
23:45:38.0486 3056 TCPIP6 - ok
23:45:38.0892 3056 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
23:45:38.0892 3056 tcpipreg - ok
23:45:39.0266 3056 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
23:45:39.0266 3056 TDPIPE - ok
23:45:39.0609 3056 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
23:45:39.0609 3056 TDTCP - ok
23:45:39.0968 3056 tdx (02bede7c69bc6d86e8600316f35c7f57) C:\Windows\system32\DRIVERS\tdx.sys
23:45:39.0968 3056 tdx ( Rootkit.Win32.ZAccess.g ) - infected
23:45:39.0968 3056 tdx - detected Rootkit.Win32.ZAccess.g (0)
23:45:40.0358 3056 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
23:45:40.0358 3056 TermDD - ok
23:45:40.0779 3056 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:45:40.0779 3056 tssecsrv - ok
23:45:41.0045 3056 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
23:45:41.0045 3056 TuneUpUtilitiesDrv - ok
23:45:41.0388 3056 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
23:45:41.0403 3056 tunnel - ok
23:45:41.0778 3056 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:45:41.0793 3056 uagp35 - ok
23:45:42.0183 3056 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
23:45:42.0199 3056 udfs - ok
23:45:42.0651 3056 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:45:42.0745 3056 uliagpkx - ok
23:45:43.0079 3056 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
23:45:43.0079 3056 umbus - ok
23:45:43.0471 3056 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:45:43.0471 3056 UmPass - ok
23:45:43.0861 3056 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
23:45:43.0861 3056 USBAAPL - ok
23:45:44.0242 3056 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
23:45:44.0242 3056 usbccgp - ok
23:45:44.0632 3056 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
23:45:44.0632 3056 usbcir - ok
23:45:45.0007 3056 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
23:45:45.0007 3056 usbehci - ok
23:45:45.0397 3056 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
23:45:45.0412 3056 usbhub - ok
23:45:45.0787 3056 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
23:45:45.0787 3056 usbohci - ok
23:45:46.0177 3056 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:45:46.0177 3056 usbprint - ok
23:45:46.0567 3056 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:45:46.0582 3056 USBSTOR - ok
23:45:47.0035 3056 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
23:45:47.0035 3056 usbuhci - ok
23:45:47.0549 3056 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
23:45:47.0549 3056 VClone - ok
23:45:47.0893 3056 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:45:47.0893 3056 vdrvroot - ok
23:45:48.0251 3056 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:45:48.0251 3056 vga - ok
23:45:48.0641 3056 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:45:48.0641 3056 VgaSave - ok
23:45:49.0109 3056 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
23:45:49.0125 3056 vhdmp - ok
23:45:49.0484 3056 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
23:45:49.0484 3056 viaagp - ok
23:45:49.0858 3056 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:45:49.0858 3056 ViaC7 - ok
23:45:50.0233 3056 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
23:45:50.0233 3056 viaide - ok
23:45:50.0591 3056 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
23:45:50.0591 3056 vmbus - ok
23:45:50.0935 3056 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:45:50.0950 3056 VMBusHID - ok
23:45:51.0309 3056 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
23:45:51.0309 3056 volmgr - ok
23:45:51.0683 3056 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:45:51.0715 3056 volmgrx - ok
23:45:52.0120 3056 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
23:45:52.0120 3056 volsnap - ok
23:45:52.0775 3056 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:45:52.0775 3056 vsmraid - ok
23:45:53.0165 3056 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:45:53.0165 3056 vwifibus - ok
23:45:53.0571 3056 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:45:53.0571 3056 vwififlt - ok
23:45:54.0133 3056 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
23:45:54.0133 3056 vwifimp - ok
23:45:54.0507 3056 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:45:54.0523 3056 WacomPen - ok
23:45:54.0866 3056 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:54.0866 3056 WANARP - ok
23:45:54.0881 3056 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:54.0881 3056 Wanarpv6 - ok
23:45:55.0303 3056 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:45:55.0303 3056 Wd - ok
23:45:55.0661 3056 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:45:55.0661 3056 Wdf01000 - ok
23:45:56.0098 3056 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:45:56.0098 3056 WfpLwf - ok
23:45:56.0473 3056 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:45:56.0473 3056 WIMMount - ok
23:45:56.0909 3056 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
23:45:56.0909 3056 WinUsb - ok
23:45:57.0331 3056 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:45:57.0331 3056 WmiAcpi - ok
23:45:57.0752 3056 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:45:57.0752 3056 ws2ifsl - ok
23:45:58.0126 3056 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
23:45:58.0126 3056 WudfPf - ok
23:45:58.0501 3056 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:45:58.0501 3056 WUDFRd - ok
23:45:58.0594 3056 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:45:58.0657 3056 \Device\Harddisk0\DR0 - ok
23:45:58.0672 3056 Boot (0x1200) (d9309ba9da18506827077a43b40cdaeb) \Device\Harddisk0\DR0\Partition0
23:45:58.0672 3056 \Device\Harddisk0\DR0\Partition0 - ok
23:45:58.0688 3056 Boot (0x1200) (e607270cd54bb73414cb04ed59578b2e) \Device\Harddisk0\DR0\Partition1
23:45:58.0688 3056 \Device\Harddisk0\DR0\Partition1 - ok
23:45:58.0735 3056 Boot (0x1200) (2ca966281e8767d6ba71212b76470b5f) \Device\Harddisk0\DR0\Partition2
23:45:58.0735 3056 \Device\Harddisk0\DR0\Partition2 - ok
23:45:58.0766 3056 Boot (0x1200) (318536f777627ce692442de47272d540) \Device\Harddisk0\DR0\Partition3
23:45:58.0766 3056 \Device\Harddisk0\DR0\Partition3 - ok
23:45:58.0766 3056 ============================================================
23:45:58.0766 3056 Scan finished
23:45:58.0766 3056 ============================================================
23:45:58.0781 3468 Detected object count: 1
23:45:58.0781 3468 Actual detected object count: 1
00:08:10.0726 3468 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
00:08:13.0206 3468 Backup copy found, using it..
00:08:13.0502 3468 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
00:08:34.0968 3468 C:\Windows\System32\c_70780.nls - will be deleted on reboot
00:08:45.0514 3468 tdx ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
00:09:41.0377 2720 Deinitialize success

DanyRibi 29.12.2011 00:27

Do I need to do anything else now, or is that it? :)

Chris4You 29.12.2011 07:20

Hi,

please run MBRCheck once more...
If the computer shows no more symptoms, we'd be done...

To be on the safe side, finish off with Dr.Web...
Follow the guide: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan finishes you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, roughly 5MB of text or more. Just search for "infiziert" and copy out the relevant parts before you post them.

chris
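
The CureIt log referred to above is one entry per line with semicolon-separated fields (file name; directory; verdict; action), as the lines posted later in this thread show. A text search for "infiziert" only hits entries whose verdict contains that word (the "Container enthält infizierte Objekte" lines) and misses entries with other verdicts such as "Wahrscheinlich SCRIPT.Virus", so a filter that keeps every line with a non-empty verdict field gives a more complete picture. The script below is an added example for triaging such a log; it is not part of this thread and not Dr.Web's own tooling. The sample lines are constructed, the paths in them are placeholders, and the list of encodings tried when reading the file is an assumption.

```python
"""Triage helper for a Dr.Web CureIt log (added example, not from the thread).

Log format assumed from the lines posted in the thread:
    <file name>;<directory>;<verdict>;<action>;
Lines with fewer fields (status or summary lines) are skipped.
"""
from collections import Counter

# Constructed sample in the same format; directories are placeholders, not real paths.
SAMPLE_LOG = (
    "vas[1].js;C:\\Users\\example\\AppData\\Local\\Temp\\Content.IE5\\AB12CD34;"
    "Wahrscheinlich SCRIPT.Virus;;\n"
    "bundle[1];C:\\Users\\example\\AppData\\Local\\Temp\\Content.IE5\\AB12CD34;"
    "Container enthält infizierte Objekte;Verschoben.;\n"
    "notes.txt;C:\\Users\\example\\Documents;;;\n"
    "Total files scanned: 12345\n"
)


def parse_cureit_line(line):
    """Split one log line into its four fields; return None for non-entry lines."""
    parts = line.rstrip("\r\n").split(";")
    if len(parts) < 4:
        return None
    return {
        "file": parts[0],
        "dir": parts[1],
        "verdict": parts[2].strip(),
        "action": parts[3].strip(),
    }


def detections(text):
    """Return every entry whose verdict field is non-empty, i.e. flagged by the scanner."""
    found = []
    for line in text.splitlines():
        entry = parse_cureit_line(line)
        if entry and entry["verdict"]:
            found.append(entry)
    return found


def pending(entries):
    """Flagged entries the scanner has not acted on yet (empty action field)."""
    return [e for e in entries if not e["action"]]


def summarize(entries):
    """Count flagged entries per verdict string."""
    return Counter(e["verdict"] for e in entries)


def load_log(path, encodings=("utf-8", "cp1252")):
    """Read the log, trying a few encodings (assumed; CureIt's real encoding may differ)."""
    with open(path, "rb") as fh:
        raw = fh.read()
    for enc in encodings:
        try:
            return raw.decode(enc)
        except UnicodeDecodeError:
            continue
    return raw.decode("latin-1")


if __name__ == "__main__":
    import sys
    text = load_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    hits = detections(text)
    for verdict, count in summarize(hits).most_common():
        print(f"{count:5d}  {verdict}")
    print(f"{len(pending(hits))} flagged entries still without an action")
```

Run it with the path to CureIt.log as the only argument; without an argument it processes the constructed sample. The per-verdict summary is what a helper needs to see first, and the "pending" list answers the question of which flagged objects have not been moved yet.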

DanyRibi 29.12.2011 11:51

So here is today's MBRCheck again:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5230
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 161):
0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x80BA1000 \SystemRoot\system32\kdcom.dll
0x8323B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832B3000 \SystemRoot\system32\PSHED.dll
0x832C4000 \SystemRoot\system32\BOOTVID.dll
0x832CC000 \SystemRoot\system32\CLFS.SYS
0x8330E000 \SystemRoot\system32\CI.dll
0x87039000 \SystemRoot\system32\drivers\Wdf01000.sys
0x870AA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x870B8000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x87100000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x87109000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x87111000 \SystemRoot\system32\DRIVERS\pci.sys
0x8713B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x87146000 \SystemRoot\System32\drivers\partmgr.sys
0x87157000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8715F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8716A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8717A000 \SystemRoot\System32\drivers\volmgrx.sys
0x871C5000 \SystemRoot\system32\DRIVERS\pciide.sys
0x871CC000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x87000000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x871DA000 \SystemRoot\System32\drivers\mountmgr.sys
0x871F0000 \SystemRoot\system32\DRIVERS\atapi.sys
0x833B9000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8702E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83200000 \SystemRoot\system32\drivers\fltmgr.sys
0x87220000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMDS.SYS
0x87277000 \SystemRoot\system32\drivers\fileinfo.sys
0x87288000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMEFA.SYS
0x87405000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87534000 \SystemRoot\System32\Drivers\msrpc.sys
0x8755F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87572000 \SystemRoot\System32\Drivers\cng.sys
0x875CF000 \SystemRoot\System32\drivers\pcw.sys
0x875DD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8732C000 \SystemRoot\system32\drivers\ndis.sys
0x87636000 \SystemRoot\system32\drivers\NETIO.SYS
0x87674000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x87699000 \SystemRoot\System32\drivers\tcpip.sys
0x87600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x877E2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x87808000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x87847000 \SystemRoot\System32\Drivers\spldr.sys
0x8784F000 \SystemRoot\System32\drivers\rdyboost.sys
0x8787C000 \SystemRoot\System32\Drivers\mup.sys
0x8788C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x87894000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x878C6000 \SystemRoot\system32\DRIVERS\disk.sys
0x878D7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8792E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8794D000 \SystemRoot\System32\Drivers\Null.SYS
0x87954000 \SystemRoot\System32\drivers\vga.sys
0x87960000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x87981000 \SystemRoot\System32\drivers\watchdog.sys
0x8798E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x87996000 \SystemRoot\system32\drivers\rdpencdd.sys

That is where it stops, too.

DanyRibi 29.12.2011 12:17

2 questions about Dr.Web CureIt:
1. The automatic quick scan found infected objects.
Should I move them or not?
2. After the automatic quick scan,
should I then run a full scan as well?

Chris4You 29.12.2011 13:21

Hi,
yes to both, and
post each of the logs!

chris

DanyRibi 29.12.2011 14:59

Hi! :)

Here is the .log file from the Dr.Web quick scan for now.
Should I post the full scan as well?
Regards, DanyRibi

7021239128773976934653[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HDWKI0M;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HDWKI0M;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
xcid,jsIXo-azmhb9CDQBYk-ZaA==[1]\JSFile_1[0][20f];C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4\xcid,jsI;Wahrscheinlich SCRIPT.Virus;;
xcid,jsIXo-azmhb9CDQBYk-ZaA==[1];C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Container enthält infizierte Objekte;Verschoben.;
xcid,jsIXo-azmhb9CDQBYk-ZaA==[1];C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10VGUAL4;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3641UP7X;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OZ6VOD5;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OZ6VOD5;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OZ6VOD5;Wahrscheinlich SCRIPT.Virus;;
ajs[2].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
ajs[3].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LXUZBQ8;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96OA6HUH;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96OA6HUH;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQUVL7Y7;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQUVL7Y7;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[7].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[9].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG0PBX5P;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTGWDJP5;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTGWDJP5;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vas[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9QEIMTK;Wahrscheinlich SCRIPT.Virus;;
vasCA08CV6F.js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vasCAXU72FV.js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[11].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[7].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWUMFC7Y;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3UZK83G;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPLE2Y0Q;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPLE2Y0Q;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
vas[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVQ7PY8I;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
vas[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA12M9QP;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
vas[9].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0H5LBVS;Wahrscheinlich SCRIPT.Virus;;
ipodservice.exe;c:\program files\ipod\bin;Trojan.Starter.1695;Desinfiziert.;
mbamservice.exe;c:\program files\malwarebytes' anti-malware;Trojan.Starter.1695;Desinfiziert.;
ccsvchst.exe;c:\program files\norton 360\engine\5.0.0.125;Trojan.Starter.1695;Desinfiziert.;
regsrv64.exe;c:\users\administrator\appdata\roaming;Trojan.VbCrypt.80;Gelöscht.;

Chris4You 29.12.2011 16:42

Hi,

Somehow the critters keep coming back faster than we can get rid of them...
Post the log from the full scan as well, plus another OTL log...

After that, update MAM and run another full scan...

chris

DanyRibi 29.12.2011 19:13

Hello Chris! :)

I did a full scan with Dr. Web, and here it is.
I packed it as an archive because the log file is so big :D

Regards, DanyRibi

DanyRibi 29.12.2011 19:28

OTL Logfile:
Code:

OTL logfile created on: 29.12.2011 19:37:43 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 381,59 Mb Available Physical Memory | 40,05% Memory free
1,93 Gb Paging File | 1,30 Gb Available in Paging File | 67,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 29,40 Gb Free Space | 54,83% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,54 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
PRC - C:\Users\Administrator\AppData\Roaming\227D.exe ()
PRC - D:\Programme\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Administrator\AppData\Roaming\227D.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.12.29 15:06:58 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O4 - HKLM..\RunOnce: [Windows Task Services]  7 File not found
O4 - HKCU..\RunOnce: [Windows Task Services]  7 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.29 19:27:16 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\regsrv64.exe
[2011.12.29 19:26:48 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\32D3.exe
[2011.12.29 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.29 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D6DF5517-0866-46C0-B035-0E23E581F263}
[2011.12.29 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FFDEF2E-28F7-4570-9A3F-D901AE7592ED}
[2011.12.28 23:43:12 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.12.28 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 22:15:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 18:27:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:05 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2011.12.19 11:16:05 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:35:10 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 03:03:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
[2011.12.06 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2B1F679-50D7-445C-9578-3B5E7AD63807}
[2011.12.06 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F495AC1-C1D4-4EEB-9787-D81E264494E7}
[2011.12.05 21:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.05 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.05 21:44:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.05 21:44:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.05 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A2F23C0-AFEF-4AEB-8881-0E7DC16E6140}
[2011.12.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E089A1A0-B25F-49A8-A8F8-C16F9C06DCEA}
[2011.12.04 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{15ED8E3F-517F-48FB-95F0-6D960EC85015}
[2011.12.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BB7597B2-858A-44DD-A98A-965C3D38C0C2}
[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}
[2011.12.03 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5389BE28-FACF-4142-B2AC-A1EE2D65BE42}
[2011.12.02 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C637353A-B56B-4A7F-BFDD-B8EFE4D5BDCC}
[2011.12.02 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{25A4F810-84C3-4DCD-9B21-EFDC53E26ADD}
[2011.12.02 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C93DE1B5-D585-4E35-A141-C222DEC630BE}
[2011.12.02 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F7D8078A-BCD1-4211-80CD-567BB113EAB9}
[2011.12.01 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{070B127A-96EF-4F2B-9A81-92BDDD4CC584}
[2011.12.01 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{52C31749-4BE9-43A1-8C6C-D339359FDCBE}
[2011.12.01 07:41:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{499F222A-AA6A-44A2-8EAE-B4DD012EC01B}
[2011.12.01 07:41:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A993F94E-AF14-46CD-8ACD-E77747B8337C}
[2011.12.01 07:40:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8CDFA72-8B35-475F-9B3A-722ABF4B3345}
[2011.11.30 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58770A29-F6FA-4901-9B3E-9E44FFA32B0A}
[2011.11.30 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1E312B3-2EF2-473B-99CE-828567F633E1}
[2011.11.30 07:19:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{839BA023-EB82-49A9-9FD5-F5F4673225C2}
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.29 19:32:46 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 19:32:46 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 19:26:48 | 000,090,112 | ---- | M] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\regsrv64.exe
[2011.12.29 19:26:48 | 000,090,112 | ---- | M] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\32D3.exe
[2011.12.29 19:26:44 | 000,385,024 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\227D.exe
[2011.12.29 19:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 19:24:39 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.29 16:00:43 | 189,948,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 15:06:58 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.29 12:01:49 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.29 12:01:49 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.29 12:01:49 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.29 12:01:49 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.28 22:09:24 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:51 | 000,890,854 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 18:45:05 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.18 03:03:48 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:48 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
[2011.12.04 21:48:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.11.30 21:16:22 | 000,065,040 | ---- | M] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
 
========== Files Created - No Company Name ==========
 
[2011.12.29 19:26:44 | 000,385,024 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\227D.exe
[2011.12.29 12:10:44 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,890,854 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.04 21:50:59 | 000,002,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.12.04 21:12:04 | 189,948,433 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.30 21:13:13 | 000,065,040 | ---- | C] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation

< End of report >

--- --- ---

DanyRibi 29.12.2011 19:32

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 29.12.2011 19:48:20 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 311,55 Mb Available Physical Memory | 32,70% Memory free
1,93 Gb Paging File | 1,23 Gb Available in Paging File | 63,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 29,40 Gb Free Space | 54,83% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,54 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 21:16:31 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5382
 
Error - 28.12.2011 21:16:31 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5382
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 85145
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 85145
 
Error - 29.12.2011 06:01:33 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 06:50:00 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 07:20:55 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 10:11:51 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 14:25:41 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
[ System Events ]
Error - 29.12.2011 10:22:54 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:00:50 | Computer Name = FiFu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2011 um 15:58:28 unerwartet heruntergefahren.
 
Error - 29.12.2011 11:00:54 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.12.2011 11:00:57 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:00:57 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  BHDrvx86  discache  IDSVix86  spldr  SRTSPX  SymIRON  SymNetS  Wanarpv6
 
Error - 29.12.2011 11:01:08 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:01:14 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:01:17 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 14:25:32 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.12.2011 14:25:33 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
 
< End of report >

--- --- ---

Chris4You 29.12.2011 20:52

Hi,

How on earth do you manage that, the latest infection happened today at around 19:00...?

  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
PRC - C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
PRC - C:\Users\Administrator\AppData\Roaming\227D.exe ()
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O4 - HKLM..\RunOnce: [Windows Task Services]  7 File not found
O4 - HKCU..\RunOnce: [Windows Task Services]  7 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
[2011.12.29 19:27:16 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\regsrv64.exe
[2011.12.29 19:26:48 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\32D3.exe
[2011.12.29 19:26:44 | 000,385,024 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\227D.exe
@Alternate Data Stream - 304 bytes -> C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Switch your antivirus solution off completely, in such a way that it does NOT switch itself back on after a reboot!

Warning: in a few rare cases the computer may no longer be able to boot and has to be reinstalled!

Close all windows, start combofix.exe and confirm the following prompt with 1 and press Enter.

The Combofix scan can take some time, so be patient. Please do not use the computer during the scan.
The computer may be restarted in between.
When the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.
Further instructions at: http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Then update MAM and run it right after...

chris
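
The OTL fix script above is the helper's hand-picked list of persistence entries. As an added example that is not part of this thread or of OTL itself, the following Python applies the same triage rules to OTL-formatted log lines (a constructed sample built from the lines above, plus one benign Malwarebytes autorun added for contrast) and flags the entries a remover would want to look at: orphaned Run entries ("File not found"), executables started from AppData, Policies\Explorer\Run and SSODL entries, and MountPoints2 AutoRun commands.

```python
"""Triage of OTL log lines for suspicious persistence entries.

Added example; the rules encode the heuristics used by hand in the thread,
they are not part of OTL or of any Malwarebytes/ESET product.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied in shape from the OTL fix script above,
# plus two benign Malwarebytes entries so that the filter has something to pass.
SAMPLE_LOG = r"""
PRC - C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
"""


@dataclass
class Finding:
    kind: str    # OTL section prefix: PRC, O4, O6, O7, O21, O33
    name: str    # autorun value name, process path or mount-point GUID
    reason: str  # why the line was flagged
    line: str    # the original log line


# An executable started from the user's AppData tree is a classic dropper location.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local)\\[^\\]+\.exe", re.IGNORECASE)

PRC_RE = re.compile(r"^PRC - (?P<path>.+?\.exe) \((?P<company>[^)]*)\)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]\s+(?P<target>.*)$")
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>HK\w+)\\SOFTWARE\\.*\\policies\\Explorer\\Run: (?P<name>.+?) =\s*(?P<target>.*)$",
    re.IGNORECASE,
)
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) -\s+(?P<clsid>.+?) - (?P<status>.*)$")
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<target>.*)$')


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious OTL line, or None for a benign/unknown one."""
    line = line.strip()
    m = PRC_RE.match(line)
    if m:
        if USER_WRITABLE.search(m["path"]):
            return Finding("PRC", m["path"], "running process started from a user-writable AppData folder", line)
        return None
    m = O4_RE.match(line)
    if m:
        target = m["target"]
        if target.endswith("File not found"):
            return Finding("O4", m["name"], "autorun points to a missing file (orphaned entry)", line)
        if USER_WRITABLE.search(target):
            return Finding("O4", m["name"], "autorun executable lives in AppData", line)
        return None
    m = POLICY_RE.match(line)
    if m:
        # Policies\Explorer\Run is honoured by Explorer but almost never used by real software.
        return Finding(line[:2], m["name"], "Policies\\Explorer\\Run autorun; rarely used by legitimate software", line)
    m = SSODL_RE.match(line)
    if m:
        if "No CLSID value found" in m["status"]:
            return Finding("O21", m["name"], "ShellServiceObjectDelayLoad entry without a registered CLSID", line)
        return None
    m = MOUNT_RE.match(line)
    if m:
        # Explorer would run this when the removable drive is opened.
        return Finding("O33", m["guid"], f"removable-media AutoRun command: {m['target']}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of an OTL log and keep the hits, in order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.name}: {f.reason}")
```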

DanyRibi 29.12.2011 21:41

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: FIFU-PC [Administrator]

Schutz: Aktiviert

29.12.2011 20:00:54
mbam-log-2011-12-29 (20-00-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288846
Laufzeit: 42 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Administrator\AppData\Roaming\regsrv64.exe (Trojan.Ransom.BP) -> 4052 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft DLL Registration (Trojan.Ransom.BP) -> Daten: C:\Users\Administrator\AppData\Roaming\regsrv64.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Task Services (Backdoor.PWin.Gen) -> Daten: 7 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Task Services (Backdoor.PWin.Gen) -> Daten: 7 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Administrator\AppData\Roaming\regsrv64.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.
C:\Users\Administrator\AppData\Roaming\32D3.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\users\administrator\appdata\roaming\cyrcre.exe (Worm.Dorkbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

DanyRibi 29.12.2011 21:44

OTL:

========== OTL ==========
Process regsrv64.exe killed successfully!
Process 227D.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft DLL Registration not found.
C:\Users\Administrator\AppData\Roaming\regsrv64.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Task Services not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Task Services not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Windows Task Services deleted successfully.
Invalid CLSID key: 7
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ not found.
File G:\Startme.exe not found.
File C:\Users\Administrator\AppData\Roaming\regsrv64.exe not found.
File C:\Users\Administrator\AppData\Roaming\32D3.exe not found.
C:\Users\Administrator\AppData\Roaming\227D.exe moved successfully.
ADS C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_220513

Chris4You 29.12.2011 21:45

Hi,

run the OTL script right away, one slipped past MAM...

chris

DanyRibi 29.12.2011 21:45

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2270642 bytes
->Temporary Internet Files folder emptied: 16993018 bytes
->Java cache emptied: 11327 bytes
->Google Chrome cache emptied: 340469915 bytes
->Flash cache emptied: 91886 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3596 bytes
RecycleBin emptied: 534599727 bytes

Total Files Cleaned = 853,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12282011_212953

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.

Registry entries deleted on Reboot...

DanyRibi 29.12.2011 21:46

Run it how?
What do you mean?

Chris4You 29.12.2011 21:47

Hi,

the OTL script above the MAM log...

chris

DanyRibi 29.12.2011 21:49

Sorry for asking, but right now I don't understand what you mean..

How do I do that

Chris4You 29.12.2011 22:52

Hi,

That's ok, the posts just crossed each other...

So, now ESET... let it run overnight...

ESET Online Scanner (http://www.eset.com/onlinescan/)

Note for Vista users: be sure to start the browser as administrator.
Press the "ESET Online Scanner" button.
Firefox users have to install an additional add-on (esetsmartinstaller_enu.exe).
Save the Firefox add-on to the desktop and then install it.
IE users have to allow the installation of an ActiveX element.
Tick "Remove found threats" and "Scan archives".
Press Start.
The scan starts automatically.
Press Finish.
Close the browser.
Open Explorer.
Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
Post the logfile here.

chris

DanyRibi 31.12.2011 13:04

Hello Chris :)

I wasn't at home yesterday.
I'll let the Eset scanner run through tonight and then I'll post the results here :D

I wish you a Happy New Year! :)

DanyRibi

DanyRibi 01.01.2012 01:07

Here is the log file from the ESET scanner


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0b567b08b4da24bb41186408435a94a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 07:04:18
# local_time=2011-12-31 08:04:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3589 16777214 100 84 504171 76012734 0 0
# compatibility_mode=8192 67108863 100 0 3814 3814 0 0
# scanned=146795
# found=8
# cleaned=8
# scan_time=4470
C:\Users\Administrator\AppData\Local\709b8acb\U\80000000.@ a variant of Win32/Sirefef.DV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\Roaming\3642.exe Win32/Agent.TFI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\Roaming\5CB8.exe Win32/CoinMiner.I trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\Roaming\6E36.exe Win32/Agent.TFI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12292011_220513\C_Users\Administrator\AppData\Roaming\227D.exe Win32/CoinMiner.I trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\programme\SoftonicDownloader66221.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\programme\nero 8.0\nero 8.0\Nero V.8.0.3.0\Toolbar.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\programme\nero 8.0\nero 8.0\Nero V.8.0.3.0\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

Chris4You 01.01.2012 11:22

Hi,

please post a fresh OTL log again...

chris

DanyRibi 01.01.2012 13:24

OTL Logfile:
Code:

OTL logfile created on: 01.01.2012 13:40:01 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 87,99 Mb Available Physical Memory | 9,23% Memory free
1,93 Gb Paging File | 1,01 Gb Available in Paging File | 52,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,96 Gb Free Space | 54,02% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,41 Gb Free Space | 35,66% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,23 Gb Free Space | 88,67% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.12.29 15:06:58 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Cyrcre] C:\Users\Administrator\AppData\Roaming\Cyrcre.exe File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe File not found
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.01 13:39:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.01.01 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{639320BD-DFF2-44A7-88E5-61B923D2D3BC}
[2012.01.01 13:15:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E3E17551-5555-4C18-A009-0172A3E71FC5}
[2012.01.01 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F5DEE3EE-3A77-4069-8872-A0516733D4C8}
[2012.01.01 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{171A2393-E16D-42EC-A59A-67D8E2791DDF}
[2011.12.31 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.31 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7543530A-3BF2-4D40-B2F2-D5CFEF87FC47}
[2011.12.31 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E670B477-4E8D-4708-860C-BB15747133BB}
[2011.12.29 22:05:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.29 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.29 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D6DF5517-0866-46C0-B035-0E23E581F263}
[2011.12.29 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FFDEF2E-28F7-4570-9A3F-D901AE7592ED}
[2011.12.28 23:43:12 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.12.28 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 22:15:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 18:27:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:05 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2011.12.19 11:16:05 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:35:10 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 03:03:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
[2011.12.06 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2B1F679-50D7-445C-9578-3B5E7AD63807}
[2011.12.06 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F495AC1-C1D4-4EEB-9787-D81E264494E7}
[2011.12.05 21:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.05 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.05 21:44:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.05 21:44:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.05 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A2F23C0-AFEF-4AEB-8881-0E7DC16E6140}
[2011.12.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E089A1A0-B25F-49A8-A8F8-C16F9C06DCEA}
[2011.12.04 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{15ED8E3F-517F-48FB-95F0-6D960EC85015}
[2011.12.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BB7597B2-858A-44DD-A98A-965C3D38C0C2}
[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}
[2011.12.03 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5389BE28-FACF-4142-B2AC-A1EE2D65BE42}
[2011.12.02 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C637353A-B56B-4A7F-BFDD-B8EFE4D5BDCC}
[2011.12.02 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{25A4F810-84C3-4DCD-9B21-EFDC53E26ADD}
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.01 13:22:00 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 13:22:00 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 13:14:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.01 13:14:23 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.01 00:34:32 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.29 16:00:43 | 189,948,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 15:06:58 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.29 12:01:49 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.29 12:01:49 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.29 12:01:49 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.29 12:01:49 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.28 19:43:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:51 | 000,890,854 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.18 03:03:48 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:48 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
[2011.12.04 21:48:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
 
========== Files Created - No Company Name ==========
 
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,890,854 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.04 21:50:59 | 000,002,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.12.04 21:12:04 | 189,948,433 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

< End of report >

--- --- ---

DanyRibi 01.01.2012 13:25

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 01.01.2012 13:40:01 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 87,99 Mb Available Physical Memory | 9,23% Memory free
1,93 Gb Paging File | 1,01 Gb Available in Paging File | 52,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,96 Gb Free Space | 54,02% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,41 Gb Free Space | 35,66% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,23 Gb Free Space | 88,67% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 85145
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 85145
 
Error - 29.12.2011 06:01:33 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 06:50:00 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 07:20:55 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 10:11:51 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 14:25:41 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 31.12.2011 08:09:18 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 01.01.2012 08:14:52 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
[ System Events ]
Error - 29.12.2011 11:01:17 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 14:25:32 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.12.2011 14:25:33 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 31.12.2011 08:09:07 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 31.12.2011 08:09:07 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 31.12.2011 09:12:52 | Computer Name = FiFu-PC | Source = DCOM | ID = 10010
Description =
 
Error - 31.12.2011 09:12:52 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 31.12.2011 13:43:21 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 01.01.2012 08:14:44 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.01.2012 08:14:44 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
 
< End of report >

--- --- ---

Chris4You 02.01.2012 12:01

Hi,
Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: start it via right-click and "Run as administrator".
  • Copy the entire content of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Cyrcre] C:\Users\Administrator\AppData\Roaming\Cyrcre.exe File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe File not found
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder: %systemroot%\_OTL

Update MAM and run a full scan...

chris
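
A small triage script for the two indicator kinds that the fix above removes (an added example for readers of this thread, not OTL's or Chris4You's code): it parses OTL's file/folder records and O4 autostart lines, flags Run values whose target OTL reports as "File not found" or that are not a file path at all (the `7` entries), and flags hidden+system folders with a random-looking name under AppData\Local (like the `709b8acb` folder). The record grammar is inferred from the log lines in this thread, the 8-hex-character folder-name heuristic is an assumption of the example, and the sample lines are copied from the logs posted above.

```python
"""Triage of OTL log lines for the two indicator kinds removed in the fix above.

Added example; not OTL's code. The record grammar is inferred from the
log lines in this thread, and the "8 lowercase hex chars" folder-name
heuristic is an assumption of this example.
"""
import ntpath
import re

# File/folder record:  [date time | size | attrs | C|M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Autostart record:    O4 - HKLM..\Run: [Name] target [File not found]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$"
)
MISSING = "File not found"
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")  # assumption: random-looking folder name


def parse_file_record(line):
    """Return the fields of a file/folder record, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = rec["company"] or ""
    return rec


def parse_o4(line):
    """Return the fields of an O4 autostart record; 'missing' is True when OTL
    reported the target as not present on disk."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    target = rec["target"].strip()
    rec["missing"] = target.endswith(MISSING)
    if rec["missing"]:
        target = target[: -len(MISSING)].strip()
    rec["target"] = target
    return rec


def looks_like_path(target):
    return "\\" in target or target.lower().endswith((".exe", ".dll", ".bat", ".cmd"))


def check_o4(rec):
    reasons = []
    if rec["missing"]:
        reasons.append("autostart target missing on disk")
    if not looks_like_path(rec["target"]):
        reasons.append("autostart value %r is not a file path" % rec["target"])
    return reasons


def check_file(rec):
    reasons = []
    a, p = rec["attrs"], rec["path"]
    if ("H" in a and "S" in a and "D" in a
            and "\\appdata\\local\\" in p.lower()
            and HEX_NAME.match(ntpath.basename(p))):
        reasons.append("hidden+system folder with random-looking name under AppData\\Local")
    return reasons


def triage(lines):
    """Return (line, reason) pairs for every indicator found in the given log lines."""
    findings = []
    for line in lines:
        rec = parse_o4(line)
        if rec is not None:
            findings.extend((line.strip(), r) for r in check_o4(rec))
            continue
        rec = parse_file_record(line)
        if rec is not None:
            findings.extend((line.strip(), r) for r in check_file(rec))
    return findings


# Sample input: lines copied from the OTL logs in this thread, plus two benign ones.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [Windows Task Services]  7 File not found",
    r"O4 - HKCU..\Run: [Cyrcre] C:\Users\Administrator\AppData\Roaming\Cyrcre.exe File not found",
    r"O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe File not found",
    r"[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb",
    r"[2011.12.28 19:43:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe",
    r"[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}",
]

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LINES):
        print(reason, "<-", line)
```

Run against a full OTL.txt/Extras.txt the same functions work line by line; the two benign sample lines (OTL.exe itself and an ordinary `---D` GUID folder under AppData\Local) are there to show that plain AppData folders and normal autostart targets produce no finding.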

DanyRibi 02.01.2012 15:18

All processes killed
========== OTL ==========
Process mdm.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cyrcre deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft DLL Registration deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Windows Task Services deleted successfully.
Invalid CLSID key: 7
C:\Users\Administrator\AppData\Local\709b8acb\U folder moved successfully.
C:\Users\Administrator\AppData\Local\709b8acb folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 167901 bytes
->Temporary Internet Files folder emptied: 27213190 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 48414654 bytes
->Flash cache emptied: 3320 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01022012_153309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

DanyRibi 02.01.2012 16:57

MAM full scan

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.02.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: FIFU-PC [Administrator]

Schutz: Aktiviert

02.01.2012 15:42:13
mbam-log-2012-01-02 (15-42-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289960
Laufzeit: 1 Stunde(n), 33 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Administrator\DoctorWeb\Quarantine\000000c0.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\_OTL\MovedFiles\01022012_153309\C_Users\Administrator\AppData\Local\709b8acb\U\000000c0.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\_OTL\MovedFiles\01022012_153309\C_Users\Administrator\AppData\Local\709b8acb\U\000000cb.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Chris4You 02.01.2012 17:35

Hi,

MAM only found the files that Dr. Web and we had already caught... I wonder where they keep coming from; there must be a trojan downloader active, or some page you visit is infected...

Run the Killer again (download it fresh) and, under Options, tick the search for the TDSS file system...

chris

DanyRibi 02.01.2012 17:53

Hm, you may be right..

But then I wonder where I'm supposed to have picked it up.
In the last few days I haven't been on any strange site.
Only sites I've been visiting for years.. hm.

DanyRibi 02.01.2012 18:06

18:21:20.0967 3764 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:21:21.0139 3764 ============================================================
18:21:21.0139 3764 Current date / time: 2012/01/02 18:21:21.0139
18:21:21.0139 3764 SystemInfo:
18:21:21.0139 3764
18:21:21.0139 3764 OS Version: 6.1.7600 ServicePack: 0.0
18:21:21.0139 3764 Product type: Workstation
18:21:21.0139 3764 ComputerName: FIFU-PC
18:21:21.0139 3764 UserName: Administrator
18:21:21.0139 3764 Windows directory: C:\Windows
18:21:21.0139 3764 System windows directory: C:\Windows
18:21:21.0139 3764 Processor architecture: Intel x86
18:21:21.0139 3764 Number of processors: 1
18:21:21.0139 3764 Page size: 0x1000
18:21:21.0139 3764 Boot type: Normal boot
18:21:21.0139 3764 ============================================================
18:21:22.0356 3764 Initialize success
18:21:29.0189 3408 ============================================================
18:21:29.0189 3408 Scan started
18:21:29.0189 3408 Mode: Manual; TDLFS;
18:21:29.0189 3408 ============================================================
18:23:06.0299 3408 TDTCP - ok
18:23:06.0658 3408 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
18:23:06.0658 3408 tdx - ok
18:23:07.0032 3408 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:23:07.0032 3408 TermDD - ok
18:23:07.0453 3408 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:07.0453 3408 tssecsrv - ok
18:23:07.0718 3408 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
18:23:07.0718 3408 TuneUpUtilitiesDrv - ok
18:23:08.0077 3408 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:23:08.0077 3408 tunnel - ok
18:23:08.0452 3408 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:23:08.0452 3408 uagp35 - ok
18:23:08.0842 3408 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:23:08.0842 3408 udfs - ok
18:23:09.0247 3408 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:23:09.0247 3408 uliagpkx - ok
18:23:09.0606 3408 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:23:09.0606 3408 umbus - ok
18:23:09.0965 3408 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:23:09.0965 3408 UmPass - ok
18:23:10.0355 3408 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:23:10.0355 3408 USBAAPL - ok
18:23:10.0714 3408 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:10.0714 3408 usbccgp - ok
18:23:11.0057 3408 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:23:11.0057 3408 usbcir - ok
18:23:11.0447 3408 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
18:23:11.0447 3408 usbehci - ok
18:23:11.0852 3408 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
18:23:11.0868 3408 usbhub - ok
18:23:12.0242 3408 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
18:23:12.0242 3408 usbohci - ok
18:23:12.0601 3408 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:23:12.0601 3408 usbprint - ok
18:23:12.0976 3408 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:12.0991 3408 USBSTOR - ok
18:23:13.0366 3408 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
18:23:13.0381 3408 usbuhci - ok
18:23:13.0787 3408 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
18:23:13.0787 3408 VClone - ok
18:23:14.0146 3408 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:23:14.0161 3408 vdrvroot - ok
18:23:14.0551 3408 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:14.0551 3408 vga - ok
18:23:14.0926 3408 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:23:14.0926 3408 VgaSave - ok
18:23:15.0300 3408 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:23:15.0316 3408 vhdmp - ok
18:23:15.0690 3408 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:23:15.0690 3408 viaagp - ok
18:23:16.0064 3408 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:23:16.0064 3408 ViaC7 - ok
18:23:16.0423 3408 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:23:16.0423 3408 viaide - ok
18:23:16.0813 3408 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
18:23:16.0829 3408 vmbus - ok
18:23:17.0203 3408 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:23:17.0203 3408 VMBusHID - ok
18:23:17.0562 3408 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:23:17.0562 3408 volmgr - ok
18:23:17.0968 3408 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:23:17.0983 3408 volmgrx - ok
18:23:18.0358 3408 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:23:18.0373 3408 volsnap - ok
18:23:18.0732 3408 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:23:18.0732 3408 vsmraid - ok
18:23:19.0106 3408 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:23:19.0106 3408 vwifibus - ok
18:23:19.0496 3408 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:23:19.0496 3408 vwififlt - ok
18:23:19.0886 3408 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
18:23:19.0886 3408 vwifimp - ok
18:23:20.0276 3408 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:23:20.0276 3408 WacomPen - ok
18:23:20.0635 3408 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:20.0635 3408 WANARP - ok
18:23:20.0651 3408 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:20.0651 3408 Wanarpv6 - ok
18:23:21.0025 3408 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:23:21.0025 3408 Wd - ok
18:23:21.0447 3408 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:23:21.0478 3408 Wdf01000 - ok
18:23:21.0852 3408 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:23:21.0868 3408 WfpLwf - ok
18:23:22.0242 3408 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:23:22.0242 3408 WIMMount - ok
18:23:22.0663 3408 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:23:22.0663 3408 WinUsb - ok
18:23:23.0100 3408 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:23:23.0116 3408 WmiAcpi - ok
18:23:23.0490 3408 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:23.0506 3408 ws2ifsl - ok
18:23:23.0865 3408 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:23:23.0865 3408 WudfPf - ok
18:23:24.0239 3408 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:24.0255 3408 WUDFRd - ok
18:23:24.0333 3408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:23:24.0504 3408 \Device\Harddisk0\DR0 - ok
18:23:24.0520 3408 Boot (0x1200) (d9309ba9da18506827077a43b40cdaeb) \Device\Harddisk0\DR0\Partition0
18:23:24.0520 3408 \Device\Harddisk0\DR0\Partition0 - ok
18:23:24.0567 3408 Boot (0x1200) (e607270cd54bb73414cb04ed59578b2e) \Device\Harddisk0\DR0\Partition1
18:23:24.0567 3408 \Device\Harddisk0\DR0\Partition1 - ok
18:23:24.0567 3408 Boot (0x1200) (2ca966281e8767d6ba71212b76470b5f) \Device\Harddisk0\DR0\Partition2
18:23:24.0567 3408 \Device\Harddisk0\DR0\Partition2 - ok
18:23:24.0598 3408 Boot (0x1200) (318536f777627ce692442de47272d540) \Device\Harddisk0\DR0\Partition3
18:23:24.0598 3408 \Device\Harddisk0\DR0\Partition3 - ok
18:23:24.0613 3408 ============================================================
18:23:24.0613 3408 Scan finished
18:23:24.0613 3408 ============================================================
18:23:24.0629 1080 Detected object count: 0
18:23:24.0629 1080 Actual detected object count: 0
18:25:20.0163 2712 Deinitialize success

Chris4You 02.01.2012 19:16

Hi,

nothing to see...

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); there click
the "Download EXE" button. A random file name is generated (make a note of it and of the path where you saved it).
Start gmer and check whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, answer the question there with "no" as well, and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER crashes, please try it in Safe Mode (F8 while booting)!

chris

DanyRibi 04.01.2012 12:57

Hello!
Here is the report from GMER

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-04 13:16:29
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: 78mci2i0.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldypog.sys


---- System - GMER 1.0.15 ----

SSDT            858B6C10                                                                                        ZwAlertResumeThread
SSDT            858B6CF0                                                                                        ZwAlertThread
SSDT            858ED9F0                                                                                        ZwAllocateVirtualMemory
SSDT            8587B048                                                                                        ZwAlpcConnectPort
SSDT            858B63B8                                                                                        ZwAssignProcessToJobObject
SSDT            858B6960                                                                                        ZwCreateMutant
SSDT            858B60D8                                                                                        ZwCreateSymbolicLinkObject
SSDT            859F2B20                                                                                        ZwCreateThread
SSDT            858B61C8                                                                                        ZwCreateThreadEx
SSDT            858B6498                                                                                        ZwDebugActiveProcess
SSDT            858EDBA0                                                                                        ZwDuplicateObject
SSDT            858ED810                                                                                        ZwFreeVirtualMemory
SSDT            858B6A50                                                                                        ZwImpersonateAnonymousToken
SSDT            858B6B30                                                                                        ZwImpersonateThread
SSDT            855E0ED0                                                                                        ZwLoadDriver
SSDT            858ED710                                                                                        ZwMapViewOfSection
SSDT            858B6880                                                                                        ZwOpenEvent
SSDT            859F2A08                                                                                        ZwOpenProcess
SSDT            858EDAE0                                                                                        ZwOpenProcessToken
SSDT            858B66C0                                                                                        ZwOpenSection
SSDT            859F2938                                                                                        ZwOpenThread
SSDT            858B62C8                                                                                        ZwProtectVirtualMemory
SSDT            858B6DD0                                                                                        ZwResumeThread
SSDT            858ED460                                                                                        ZwSetContextThread
SSDT            858ED540                                                                                        ZwSetInformationProcess
SSDT            858B6578                                                                                        ZwSetSystemInformation
SSDT            858B67A0                                                                                        ZwSuspendProcess
SSDT            858B6EB0                                                                                        ZwSuspendThread
SSDT            859F2C00                                                                                        ZwTerminateProcess
SSDT            858B6F90                                                                                        ZwTerminateThread
SSDT            858ED630                                                                                        ZwUnmapViewOfSection
SSDT            858ED900                                                                                        ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                  82C84579 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82CA8F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 224                                                              82CB0724 8 Bytes  [10, 6C, 8B, 85, F0, 6C, 8B, ...]
.text          ntkrnlpa.exe!RtlSidHashLookup + 23C                                                              82CB073C 4 Bytes  [F0, D9, 8E, 85]
.text          ntkrnlpa.exe!RtlSidHashLookup + 248                                                              82CB0748 4 Bytes  [48, B0, 87, 85]
.text          ntkrnlpa.exe!RtlSidHashLookup + 29C                                                              82CB079C 4 Bytes  [B8, 63, 8B, 85]
.text          ntkrnlpa.exe!RtlSidHashLookup + 318                                                              82CB0818 4 Bytes  [60, 69, 8B, 85]
.text          ...                                                                                             

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004f                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21488e                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21488e@402ba1eeee7a        0xEB 0xE6 0x4E 0x73 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21488e (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21488e@402ba1eeee7a            0xEB 0xE6 0x4E 0x73 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\$NtUninstallKB1455$\1889241803                                                        0 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\@                                                      2048 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\L                                                      0 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\L\xadqgnnk                                            74240 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\loader.tlb                                            2632 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U                                                      0 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@00000001                                            45968 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000c0                                            3072 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cb                                            3072 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cf                                            1536 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@80000000                                            26112 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000c0                                            32768 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cb                                            24064 bytes
File            C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cf                                            31744 bytes
File            C:\Windows\$NtUninstallKB1455$\1904035700                                                        0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

Chris4You 05.01.2012 10:45

Hi,

Download SystemLook from one of the following links and save the tool on your Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
  • Double-click SystemLook.exe to start the tool.
  • Vista/Win7 users: right-click and start it as administrator.
  • Copy the contents of the following code box into the tool's text field:

Code:


:dir
C:\Windows\$NtUninstallKB1455$ /s

  • Now click the Look button to start the scan.
When the scan is finished, your text editor will open with the results; post them here in the thread.
The results are saved on the Desktop as SystemLook.txt.
  • Please start OTL.exe
  • Vista/Win7 users: right-click, "run as administrator"
  • Now copy the following content into the text box

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
winlogon.exe
userinit.exe
WS2_32.dll
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now click the Quick Scan button
  • Click OK
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

chris
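
As an added example (not code from this thread, from GMER or from SystemLook), here is a small Python parser for the GMER "Files" section posted above: it groups what GMER listed under a `$NtUninstall...$` folder into one finding per top-level item, counts and sums the non-empty files, and produces the SystemLook `:dir` script of the follow-up step; the sample log lines are copied from the post above, the record and function names are my own.

```python
"""Parse the 'Files' section of a GMER log and flag entries under $NtUninstall*$ folders."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample input: the Files section as GMER printed it in the log above
GMER_FILES_SECTION = r"""
---- Files - GMER 1.0.15 ----

File   C:\Windows\$NtUninstallKB1455$\1889241803                 0 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\@               2048 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\L               0 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\L\xadqgnnk      74240 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\loader.tlb      2632 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U               0 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@00000001     45968 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000c0     3072 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cb     3072 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@000000cf     1536 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@80000000     26112 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000c0     32768 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cb     24064 bytes
File   C:\Windows\$NtUninstallKB1455$\1889241803\U\@800000cf     31744 bytes
File   C:\Windows\$NtUninstallKB1455$\1904035700                 0 bytes

---- EOF - GMER 1.0.15 ----
"""

# "File <path> <size> bytes"; the path may contain spaces, so match it lazily
FILE_LINE = re.compile(r"^File\s+(?P<path>\S.*?)\s+(?P<size>\d+) bytes\s*$")
# <drive>:\Windows\$NtUninstall...$\<top-level item>; everything below is grouped
UNINSTALL_DIR = re.compile(
    r"^(?P<root>[A-Za-z]:\\Windows\\\$NtUninstall[^\\]*\$)\\(?P<top>[^\\]+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    size: int


@dataclass
class Finding:
    container: str  # C:\Windows\$NtUninstall...$\<top-level item>
    entries: List[FileEntry] = field(default_factory=list)

    @property
    def file_count(self) -> int:
        # GMER lists directories with 0 bytes; count only entries with content
        return sum(1 for e in self.entries if e.size > 0)

    @property
    def total_bytes(self) -> int:
        return sum(e.size for e in self.entries)


def parse_files_section(log: str) -> List[FileEntry]:
    """Return the File entries between the '---- Files' and '---- EOF' markers."""
    entries: List[FileEntry] = []
    in_section = False
    for line in log.splitlines():
        if line.startswith("---- Files"):
            in_section = True
            continue
        if line.startswith("---- EOF"):
            break
        if not in_section:
            continue
        m = FILE_LINE.match(line)
        if m:
            entries.append(FileEntry(m.group("path"), int(m.group("size"))))
    return entries


def find_uninstall_containers(entries: List[FileEntry]) -> Dict[str, Finding]:
    """Group entries by their top-level item inside a $NtUninstall*$ folder."""
    findings: Dict[str, Finding] = {}
    for e in entries:
        m = UNINSTALL_DIR.match(e.path)
        if not m:
            continue
        container = m.group(0)
        findings.setdefault(container, Finding(container)).entries.append(e)
    return findings


def systemlook_script(findings: Dict[str, Finding]) -> str:
    """Build the SystemLook ':dir' script that lists each flagged folder recursively."""
    roots = sorted({f.container.rsplit("\\", 1)[0] for f in findings.values()})
    return "\n".join([":dir"] + [f"{root} /s" for root in roots])


if __name__ == "__main__":
    found = find_uninstall_containers(parse_files_section(GMER_FILES_SECTION))
    for f in found.values():
        print(f"{f.container}: {f.file_count} files, {f.total_bytes} bytes")
    print(systemlook_script(found))
```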

DanyRibi 05.01.2012 14:22

Hello!

Here are the results from SystemLook

DanyRibi

DanyRibi 05.01.2012 15:02

OTL Logfile:
Code:

OTL logfile created on: 05.01.2012 14:47:11 - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 395,27 Mb Available Physical Memory | 41,48% Memory free
1,93 Gb Paging File | 1,15 Gb Available in Paging File | 59,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 27,76 Gb Free Space | 51,78% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,22 Gb Free Space | 35,27% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,23 Gb Free Space | 88,67% Space Free | Partition Type: NTFS
Drive F: | 332,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 5,69 Gb Total Space | 5,28 Gb Free Space | 92,83% Space Free | Partition Type: FAT32
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll ()
MOD - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\APPLIC~1\160912~1.63\gcswf32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.12.29 15:06:58 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.21 23:03:36 | 000,000,033 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.12.29 11:07:02 | 000,012,320 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{67f9b365-19b2-11e1-8f52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67f9b365-19b2-11e1-8f52-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe -- [2011.03.11 00:20:00 | 000,853,992 | R--- | M] (Seiko Epson Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: AppInfo -  File not found
 
 
SafeBootMin: 33610407.sys - Driver
SafeBootMin: AppInfo - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: 33610407.sys - Driver
SafeBootNet: AppInfo - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\setup50.exe" /APP:OE /CALLER:IE50 /user /install
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.05 14:46:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.01.05 13:08:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8969EC72-091A-4305-878D-200786654B7A}
[2012.01.05 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8E11CB6-50E8-4EFB-8062-E4622F06700E}
[2012.01.05 01:00:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9DAD6BF2-7548-45FA-8638-51BA8257BB7D}
[2012.01.05 01:00:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{50919A37-85BB-4D37-AB9E-1A1148D9CDAD}
[2012.01.04 11:56:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1A31310D-7225-46FD-A8F0-3257735B9D9A}
[2012.01.04 11:55:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0E7CF5DC-A07C-473C-86B0-6BEC76A5D7CA}
[2012.01.03 12:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Epson
[2012.01.03 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ABBYY
[2012.01.03 12:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0 Sprint
[2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.01.03 12:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2012.01.03 12:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.01.03 12:17:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2012.01.03 12:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.01.03 12:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012.01.03 12:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.01.03 12:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.01.03 12:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.01.03 12:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.01.03 11:57:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F04A8962-0CB2-42D8-8FFB-54F5191DBEBE}
[2012.01.03 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{207302E0-CA97-48B6-AF27-FA069C0264DC}
[2012.01.02 18:19:47 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.01.02 15:44:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2012.01.02 15:40:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.01.02 14:57:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A6E7FA4F-B9BC-4F4F-AA06-B9E1A250E4CC}
[2012.01.02 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BF98FF71-B7E6-4B56-8810-6894E17F532E}
[2012.01.01 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{639320BD-DFF2-44A7-88E5-61B923D2D3BC}
[2012.01.01 13:15:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E3E17551-5555-4C18-A009-0172A3E71FC5}
[2012.01.01 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F5DEE3EE-3A77-4069-8872-A0516733D4C8}
[2012.01.01 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{171A2393-E16D-42EC-A59A-67D8E2791DDF}
[2011.12.31 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.31 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7543530A-3BF2-4D40-B2F2-D5CFEF87FC47}
[2011.12.31 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E670B477-4E8D-4708-860C-BB15747133BB}
[2011.12.29 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.29 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D6DF5517-0866-46C0-B035-0E23E581F263}
[2011.12.29 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FFDEF2E-28F7-4570-9A3F-D901AE7592ED}
[2011.12.28 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 22:15:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.01.05 14:19:46 | 000,268,592 | ---- | M] () -- C:\Users\Administrator\Desktop\SystemLook.zip
[2012.01.05 13:28:30 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.05 13:28:30 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.05 13:28:30 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.05 13:28:30 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.05 13:23:39 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 13:23:39 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 13:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 13:16:00 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 02:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012.01.03 12:17:57 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2012.01.03 12:16:19 | 000,894,558 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2012.01.02 18:21:33 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2012.01.02 15:41:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.29 16:00:43 | 189,948,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 15:06:58 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.28 19:43:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
 
========== Files Created - No Company Name ==========
 
[2012.01.05 14:19:45 | 000,268,592 | ---- | C] () -- C:\Users\Administrator\Desktop\SystemLook.zip
[2012.01.05 02:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.01.03 12:17:44 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,894,558 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2012.01.02 15:44:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2012.01.03 12:47:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
[2011.11.28 12:33:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit
[2011.12.18 21:11:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.11.28 12:34:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2011.12.19 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.10 14:09:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.19 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.25 23:47:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.11.28 18:11:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2011.11.28 16:59:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2011.12.07 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2009.07.14 05:53:46 | 000,001,888 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.02 18:21:33 | 000,000,248 | ---- | M] () -- C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2_32.DLL  >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< c:\windows\system32\*.dll /lockedfiles >
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2012.01.03 12:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 9.0 Sprint
[2011.12.09 20:15:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011.11.28 17:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011.12.29 11:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011.11.28 19:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011.12.04 21:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011.11.28 15:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\ClearProg
[2012.01.03 12:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011.11.28 15:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011.12.19 12:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Counter-Strike 1.6
[2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011.12.14 22:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2012.01.03 12:17:09 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2012.01.03 12:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2011.12.31 18:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011.11.28 19:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\Firebird
[2011.11.28 13:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2011.11.28 12:22:11 | 000,000,000 | -HSD | M] -- C:\Program Files\Gemeinsame Dateien
[2011.12.18 20:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2012.01.03 12:18:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011.12.18 02:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011.12.28 18:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011.11.28 12:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011.12.28 18:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011.12.05 21:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011.12.10 14:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\MAGIX
[2011.12.28 23:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.13 16:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 10
[2009.07.14 09:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011.11.28 13:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011.11.29 14:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011.11.28 13:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011.11.28 13:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011.11.28 13:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011.11.28 19:20:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mp3tag
[2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011.11.28 13:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010.03.31 18:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\NFOPad
[2011.12.25 23:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2011.12.25 23:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010.03.31 18:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\olsystems CPL Pack
[2011.11.28 17:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011.12.18 20:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2011.11.28 19:19:58 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltrePortable
[2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011.11.28 19:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\simfy VZ edition
[2011.12.18 16:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Songr
[2011.12.19 21:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2011.11.28 19:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\SpacialAudio
[2011.12.25 23:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011.11.28 19:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011.11.28 19:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2011.12.04 21:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2010
[2011.11.28 17:15:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011.12.19 22:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2011.12.07 21:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\vShare.tv plugin
[2011.12.07 21:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\VshareComplete
[2011.12.18 20:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011.11.28 20:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011.11.28 12:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009.07.14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011.12.22 18:03:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2011.11.28 15:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\xp-AntiSpy
[2011.12.19 11:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\XYLIO
[2011.11.28 12:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\Z-Zip
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB1455$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

--- --- ---


No Extra.txt was produced..!

Chris4You 06.01.2012 10:34

hi,

I don't know of any Microsoft fix pack KB1455, something is fishy there... Gmer also shows links pointing to it...

Before I dispose of that by hand, let's see what ComboFix has to say about it:

Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Switch off your antivirus solution completely, in such a way that it does NOT switch itself back on after a reboot!

Caution: In a few rare cases the computer may no longer be able to boot and has to be set up from scratch!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The Combofix scan can take some time, so be patient. Please do not use the computer while the scan is running.
The computer may be restarted in between.
When the scan has finished a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.

chris

DanyRibi 07.01.2012 21:03

Combofix didn't work.
I deleted my antivirus program and installed it again, and now everything is OK.
THANKS FOR THAT! :)

But now one more question. Since today I have the problem that no desktop background is shown, and neither are the thumbnails of programs and pictures..
It then looks like this (see pictures)
Can you help me with that?

Chris4You 09.01.2012 09:59

Hi,

did Combofix run through after all?
Post the log...

Unhide
Download unhide from the following address and then run it as admin via double-click:
http://filepony.de/download-unhide/
All hidden files are made visible; if necessary, make the ones that are supposed to be hidden invisible again (select in Explorer -> Properties -> hidden)

Win7:
  • Right-click the desktop with the mouse
  • Select "View"
  • Select "Show desktop icons"

chris

DanyRibi 09.01.2012 16:40

I let Combofix run through, but shortly before the end it aborted..

DanyRibi 10.01.2012 18:20

the problem was not solved by Unhide..

Chris4You 10.01.2012 21:48

Hi,

then that's probably a new infection...

Let's first try this:
->Start - Regedit, navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and delete the entry NoDesktop there (if present)...

otherwise:

update MAM and run a FULL scan, run TDSS-Killer and post a new OTL log...

chris

franklin84 15.01.2012 18:08

Hello,

I got hit by this shit too...
Plus something similar from Max++
OTL, OTS, HiJack already ran...
Kaspersky runs permanently; I also removed something with it without looking more closely.

Already removed the following oddities:
tcudriver.exe
svchoost.exe & csrss.exe from benutzer\name\appdata\roaming
consrv.dll removed from C:\windows\system32\ (was not registered in the registry)

I had "Windows 7 Firewall Control" from sphinx-soft.com installed;
when it stopped running I became aware of it.

Windows Firewall service dead, "Fix it" from MS brought no improvement.
In the Control Panel I can no longer configure the firewall either:
Error: 0x80070424

Please, ideas and suggestions!
Attached once more the current OTL log.

DanyRibi 15.01.2012 20:31

Hey Chris

how do I get to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"?

franklin84 15.01.2012 21:00

On Win 7 click "Start", then at the bottom enter Regedit in the "DOS commands / search text" box and click your way through!
For me, unfortunately, a fail. Nothing unusual to be found at this position...

Chris4You 16.01.2012 18:18

Hi,

@Franklin84, please open a new thread...
and take a closer look at this ;o)
O20 - HKCU Winlogon: Shell - (C:\Users\Frank\AppData\Local\445358e4\X) -C:\Users\Frank\AppData\Local\445358e4\X ()
[2012.01.15 12:39:53 | 000,000,000 | -HSD | C] -- C:\Users\Frank\AppData\Local\445358e4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
-> Antimalwarebytes and TDSS-Killer...

Scan with SystemLook

@DanyRibi
Download SystemLook from one of the following links and save the tool to the desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
  • Double-click SystemLook.exe to start the tool.
  • Vista/Win7 users: right-click and run as administrator.
  • Copy the contents of the following code box into the tool's text field:

Code:


:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] /s

  • Now click the Look button to start the scan.
When the scan has finished, your editor will open with the results; post them here in the thread.
The results are saved on the desktop as SystemLook.txt.

chris
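Chris4You's post above reads the OTL indicators by eye (a Winlogon Shell value pointing somewhere other than explorer.exe, a hidden+system directory with a random hex name under AppData, a DisableMonitoring=1 entry under Security Center) and then asks for a SystemLook dump of Policies\Explorer to look for NoDesktop. The Python script below is an added example, not part of OTL, SystemLook or this thread, that applies those same checks mechanically to pasted log text. The sample lines are copied from the logs posted in this thread, except for the NoDesktop line, which is constructed so that the check fires; the regular expressions are written against the line formats visible in these logs, not against any documented OTL grammar.

```python
"""Triage of OTL / SystemLook log lines for the indicator types discussed in the thread.
Added example; not part of OTL, SystemLook or the forum thread."""
import re
from typing import Any, Dict, List, Optional

# OTL file/directory entry: "[timestamp | size | attrs | C|M] (company) MD5=... -- path"
# (company and MD5 are optional, exactly as in the posted logs)
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
# OTL O20 Winlogon line: "O20 - HKCU Winlogon: Shell - (path) -path ()"
O20_RE = re.compile(r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<value>\w+) - \((?P<path>[^)]*)\)")
# Registry dump lines as OTL and SystemLook print them: "[HKEY_...]" followed by '"Name"= data'
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
# Random-looking (hex) directory name directly under a user's AppData\Local or \Roaming;
# GUID-named folders ({...}) are deliberately not matched.
RANDOM_DIR_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\[0-9a-f]{6,}$", re.IGNORECASE
)


def parse_entry(line: str) -> Optional[Dict[str, Any]]:
    """Parse one OTL file/directory line into a dict, or return None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],          # e.g. "-HSD": hidden, system, directory
        "op": m["op"],                # C = created, M = modified
        "company": m["company"] or "",
        "md5": m["md5"],              # None when the line carries no hash
        "path": m["path"],
    }


def triage(text: str) -> List[str]:
    """Return one finding string per suspicious line, in order of appearance."""
    findings: List[str] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O20_RE.match(line)
        if m:
            # The Winlogon Shell value should be explorer.exe; anything else replaces the desktop.
            if m["value"].lower() == "shell" and not m["path"].lower().endswith("explorer.exe"):
                findings.append(f"winlogon-shell-override: {m['hive']} Shell -> {m['path']}")
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]    # values that follow belong to this key
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, data, key = m["name"].lower(), m["data"].strip(), current_key.lower()
            if key.endswith(r"policies\explorer") and name == "nodesktop":
                findings.append(f"nodesktop-policy: {current_key}\\{m['name']} = {data}")
            elif r"security center\monitoring" in key and name == "disablemonitoring" and data.startswith("1"):
                findings.append(f"av-monitoring-disabled: {current_key}")
            continue
        e = parse_entry(line)
        if e and all(flag in e["attrs"] for flag in "HSD") and RANDOM_DIR_RE.match(e["path"]):
            findings.append(f"hidden-system-dir: {e['path']} ({e['op']} {e['ts']})")
    return findings


# Constructed sample: the first eight lines are copied from the logs posted in this thread;
# the final NoDesktop line is made up to exercise the check Chris4You describes.
SAMPLE_LOG = r"""
O20 - HKCU Winlogon: Shell - (C:\Users\Frank\AppData\Local\445358e4\X) -C:\Users\Frank\AppData\Local\445358e4\X ()
[2012.01.15 12:39:53 | 000,000,000 | -HSD | C] -- C:\Users\Frank\AppData\Local\445358e4
[2011.12.28 19:43:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"= 0x0000000091 (145)
"NoDesktop"= 0x0000000001 (1)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports four findings (the Shell override, the hidden system directory, the disabled Kaspersky monitoring entry and the NoDesktop policy); the GUID-named folder and OTL.exe itself are not flagged. Paste a whole OTL.txt or SystemLook.txt into `triage()` to get the same list for a real log.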

franklin84 16.01.2012 19:38

@Chris4You:

Yes, sorry, I haven't been around here for a long time. Only when it's really "burning" XD.

Just one more quick question:
* Is Kaspersky 2012 so bad that the computer can get infected?
Because at the system scan 4 days ago everything was OK apart from a few zipped game trainers.

* Can you do a system restore in a case like this?
Does that help? Or does it tear down more?

* TDSS found nothing. Antimalwarebytes and the ESET Online Scanner cleaned up thoroughly.

* "445358e4" I still had to delete manually, since Antimalwarebytes still hadn't done it after a restart...

* Difficult, but nevertheless successful repair of the Windows Firewall!
The firewall's complete registry keys had been deleted!
-> Error 0x80070424
bfe.reg & firewall.reg from sevenforums.com following the instructions by user "Balon"

* mediashifting.com doesn't show up in Firefox anymore either...
I couldn't detect a redirect in the search!


Thanks anyway!

Regards, Frank

DanyRibi 20.01.2012 18:25

SystemLook 30.07.11 by jpshortstuff
Log created at 18:47 on 20/01/2012 by Administrator
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"= 0x0000000091 (145)
"NoInternetOpenWith"= 0x0000000001 (1)
"NoRecentDocsNetHood"= 0x0000000001 (1)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(No values found)


[]
Hive unrecognized.

-= EOF =-

Copyright ©2000-2025, Trojaner-Board