Trojaner-Board
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   "Mediashifting.com" Virus (https://www.trojaner-board.de/107112-mediashifting-com-virus.html)

DanyRibi 29.12.2011 19:13
Hallo Chris! :)

Ich habe mit Dr. Web einen Fullscan gemacht und hier ist er.
Ich habe ihn als Archiv verpackt, weil die Log Datei so groß ist :D

Gruß, DanyRibi

DanyRibi 29.12.2011 19:28
OTL Logfile:
Code:
OTL logfile created on: 29.12.2011 19:37:43 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Programme\Virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 381,59 Mb Available Physical Memory | 40,05% Memory free
1,93 Gb Paging File | 1,30 Gb Available in Paging File | 67,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 29,40 Gb Free Space | 54,83% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,54 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
PRC - C:\Users\Administrator\AppData\Roaming\227D.exe ()
PRC - D:\Programme\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Administrator\AppData\Roaming\227D.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EB B7 E2 C4 AD CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.25 23:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.25 23:47:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=16d49936-2114-11e1-a3d6-001d72dac89a&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SkyRama = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: vshare plugin = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.12.29 15:06:58 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O4 - HKLM..\RunOnce: [Windows Task Services]  7 File not found
O4 - HKCU..\RunOnce: [Windows Task Services]  7 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F38490F-9F2A-4616-A82E-AEDC26C1183A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.29 19:27:16 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\regsrv64.exe
[2011.12.29 19:26:48 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\32D3.exe
[2011.12.29 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.29 11:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.29 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D6DF5517-0866-46C0-B035-0E23E581F263}
[2011.12.29 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FFDEF2E-28F7-4570-9A3F-D901AE7592ED}
[2011.12.28 23:43:12 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.12.28 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 22:15:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.28 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.28 18:27:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2BB0A14-44EC-4AB6-B9AE-FEF35718EB20}
[2011.12.28 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0AA5F9A5-79A8-4CE0-8AE7-87EC8966CE25}
[2011.12.28 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{379E6748-542A-4656-9936-8A9FB2E681CB}
[2011.12.27 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD58E5C3-8DC5-44A8-9559-6208C54BAEE9}
[2011.12.27 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1223B582-BDCB-4AB0-A9C6-19AC3F05054F}
[2011.12.26 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.26 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.26 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{46777FDA-C6A0-4B35-BE23-584D10C76B17}
[2011.12.26 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D095FD64-ED9F-4DF4-A760-E9C3E753F185}
[2011.12.25 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2011.12.25 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011.12.25 23:47:29 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:46:40 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.12.25 23:46:40 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.12.25 23:46:40 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.12.25 23:46:40 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.12.25 23:46:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.12.25 23:46:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.12.25 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.12.25 23:45:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.12.25 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.12.25 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011.12.25 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.12.25 23:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.12.25 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6FBF512-BB1E-430B-983C-3DF1733E1C80}
[2011.12.25 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{78060916-7F1D-4181-AB09-C705384C3970}
[2011.12.24 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2F18C8F-783D-46E0-B59C-0ECCDE8A8717}
[2011.12.24 00:22:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2D7352B9-7FF6-47C0-94EB-88F94266DDA8}
[2011.12.23 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{95A6AEF6-669D-452D-B20F-2F9E2B505767}
[2011.12.23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6042B39B-6700-4908-8D24-69731163F744}
[2011.12.22 18:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.12.22 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.12.22 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E6309BD-062D-442E-A5AC-6741BC86107E}
[2011.12.22 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{220748C8-3A91-46D5-A66C-30BA24BBB827}
[2011.12.21 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{582A5767-62CC-4392-9485-F54237AB183A}
[2011.12.21 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A943E0E7-05FC-47E7-B478-F2BAF93DE6BF}
[2011.12.19 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011.12.19 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.12.19 21:50:54 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.12.19 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\errorlogs
[2011.12.19 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011.12.19 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2011.12.19 11:16:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\FutureDecks Pro
[2011.12.19 11:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FutureDecks Pro
[2011.12.19 11:16:05 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2011.12.19 11:16:05 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2011.12.19 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYLIO
[2011.12.19 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sawer
[2011.12.19 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Juce VST Host
[2011.12.19 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2011.12.19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12E3E130-7774-4EF9-8F48-61668941F536}
[2011.12.18 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hardcore
[2011.12.18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011.12.18 20:35:10 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.12.18 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.12.18 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.12.18 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.12.18 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.12.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87240716-D638-4D38-AD51-DCB2C089DCF7}
[2011.12.18 15:21:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{141D5719-46B2-4688-88CF-2285AD09A3B4}
[2011.12.18 03:16:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.18 03:03:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.18 02:29:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.18 01:45:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A48E887B-979F-4A1A-BABB-14A7F90F52F8}
[2011.12.18 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A10E37B7-643C-4C9D-9879-4C1040A9A3C6}
[2011.12.17 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{983F0E49-3A8C-4972-972B-F87C867624D2}
[2011.12.17 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9BFBE83-C6DE-42A5-9786-2A250B812ECF}
[2011.12.16 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Facebook
[2011.12.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EAB6CB34-1C58-4156-AC28-59BB5E0114DC}
[2011.12.16 17:30:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CFFFD46-C7C5-4C8C-A3A9-34D47BA59FE1}
[2011.12.15 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A894527A-5649-4BEA-89FF-C73EA0A55C99}
[2011.12.15 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F760CE63-509B-41DE-8FFB-86081B22D3E3}
[2011.12.14 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.12.14 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\VirtualDJ
[2011.12.14 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.14 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.14 22:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2011.12.14 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.14 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2011.12.14 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0C70EBA-63A0-4EDE-9CF6-3FC0D510CF82}
[2011.12.14 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{EF55CE28-5782-45F2-8396-AA0B3F56FB84}
[2011.12.13 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E91524-CBA5-4FE8-B9E6-40593CA355CB}
[2011.12.13 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{912FF503-D75D-4443-9F14-E5E1FF37C2E3}
[2011.12.12 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D2A0E5CD-0B50-43EA-AD8F-EBB29B075F72}
[2011.12.12 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A11D0305-27D3-4A90-A11F-E4FEED001C78}
[2011.12.11 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Kunst
[2011.12.11 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76B89B6E-EA5F-450E-A9E5-F8C8B410610F}
[2011.12.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2929F6A1-14E1-44F8-BE53-4E88187E4EE6}
[2011.12.10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5BD9785-5B3C-47CE-A036-5F1729D10965}
[2011.12.10 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{80A06A25-5DEE-4126-A220-F961E3413FDA}
[2011.12.10 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX
[2011.12.10 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xara
[2011.12.10 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.12.10 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MAGIX Downloads
[2011.12.10 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2011.12.10 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C2C3548E-860A-411B-97A3-4A325BFE7023}
[2011.12.09 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16CA5E88-B77D-46A4-88D6-926F19459BE6}
[2011.12.09 09:08:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0AA272A-8DA6-4BCA-B1EF-BE6C729FAC61}
[2011.12.08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A0B3DB8C-8095-4A7A-A86C-7CA0D0A510C5}
[2011.12.08 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0766B70-D8CA-4140-ADFF-B09CFF450310}
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VshareComplete
[2011.12.07 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.12.07 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.12.07 20:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Foto Designer Pro Plus 10
[2011.12.07 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 10
[2011.12.07 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{497B0096-AC4F-4DB9-ADB2-6B6F1DBB5ACE}
[2011.12.07 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9E487A8-E84E-408C-8EB3-3740FA343483}
[2011.12.06 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data
[2011.12.06 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A2B1F679-50D7-445C-9578-3B5E7AD63807}
[2011.12.06 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F495AC1-C1D4-4EEB-9787-D81E264494E7}
[2011.12.05 21:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.05 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.05 21:44:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.05 21:44:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.05 21:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.05 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A2F23C0-AFEF-4AEB-8881-0E7DC16E6140}
[2011.12.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E089A1A0-B25F-49A8-A8F8-C16F9C06DCEA}
[2011.12.04 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2011.12.04 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2011.12.04 21:10:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\709b8acb
[2011.12.04 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{15ED8E3F-517F-48FB-95F0-6D960EC85015}
[2011.12.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BB7597B2-858A-44DD-A98A-965C3D38C0C2}
[2011.12.03 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8F7E2FEB-69CC-4B16-B352-FE4435C886FE}
[2011.12.03 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5389BE28-FACF-4142-B2AC-A1EE2D65BE42}
[2011.12.02 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C637353A-B56B-4A7F-BFDD-B8EFE4D5BDCC}
[2011.12.02 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{25A4F810-84C3-4DCD-9B21-EFDC53E26ADD}
[2011.12.02 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C93DE1B5-D585-4E35-A141-C222DEC630BE}
[2011.12.02 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F7D8078A-BCD1-4211-80CD-567BB113EAB9}
[2011.12.01 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{070B127A-96EF-4F2B-9A81-92BDDD4CC584}
[2011.12.01 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{52C31749-4BE9-43A1-8C6C-D339359FDCBE}
[2011.12.01 07:41:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{499F222A-AA6A-44A2-8EAE-B4DD012EC01B}
[2011.12.01 07:41:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A993F94E-AF14-46CD-8ACD-E77747B8337C}
[2011.12.01 07:40:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D8CDFA72-8B35-475F-9B3A-722ABF4B3345}
[2011.11.30 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58770A29-F6FA-4901-9B3E-9E44FFA32B0A}
[2011.11.30 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1E312B3-2EF2-473B-99CE-828567F633E1}
[2011.11.30 07:19:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{839BA023-EB82-49A9-9FD5-F5F4673225C2}
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.12.29 19:32:46 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 19:32:46 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 19:26:48 | 000,090,112 | ---- | M] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\regsrv64.exe
[2011.12.29 19:26:48 | 000,090,112 | ---- | M] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\32D3.exe
[2011.12.29 19:26:44 | 000,385,024 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\227D.exe
[2011.12.29 19:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 19:24:39 | 749,367,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.29 16:00:43 | 189,948,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 15:06:58 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.29 12:01:49 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.29 12:01:49 | 000,618,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.29 12:01:49 | 000,132,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.29 12:01:49 | 000,108,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.28 22:09:24 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011.12.28 18:31:14 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:51 | 000,890,854 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:28 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.12.25 23:47:28 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:28 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:27 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Systemprüfung ausführen - Administrator.job
[2011.12.25 23:47:12 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 18:45:05 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.22 18:04:25 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.21 23:25:59 | 003,768,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | M] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 21:50:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.12.19 21:50:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.12.19 21:50:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.12.19 11:20:37 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.19 10:39:33 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.18 03:03:48 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.12.18 03:03:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.12.18 03:03:48 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.12.18 03:03:48 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.12.18 03:03:47 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.12.18 03:03:47 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.12.18 03:03:47 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.12.18 03:03:47 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.12.18 03:03:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.12.18 03:03:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.12.18 03:03:47 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.12.18 03:03:46 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.12.18 03:03:46 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.12.18 03:03:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.12.17 17:32:07 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 14:58:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 14:08:54 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.07 21:43:51 | 000,000,442 | ---- | M] () -- C:\prefs.js
[2011.12.04 21:48:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.11.30 21:16:22 | 000,065,040 | ---- | M] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
 
========== Files Created - No Company Name ==========
 
[2011.12.29 19:26:44 | 000,385,024 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\227D.exe
[2011.12.29 12:10:44 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011.12.28 18:31:13 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.25 23:47:36 | 000,890,854 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.12.25 23:47:29 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.12.25 23:47:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.12.25 23:47:12 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.12.25 23:45:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.12.25 23:45:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.12.25 23:45:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.12.25 23:45:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.12.25 23:45:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.12.25 23:45:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.12.25 23:45:21 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.12.25 23:45:21 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.12.25 23:45:21 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.12.25 23:45:21 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.12.25 23:45:21 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.12.25 23:45:21 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.12.22 18:04:25 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.12.19 22:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.12.19 22:03:56 | 000,001,001 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Pro.lnk
[2011.12.19 21:51:19 | 000,001,207 | ---- | C] () -- C:\Users\Administrator\Desktop\Update Service.lnk
[2011.12.19 10:39:33 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2011.12.18 20:35:28 | 000,001,101 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 9.lnk
[2011.12.14 18:13:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2011.12.14 18:13:06 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Songr.lnk
[2011.12.12 17:43:49 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.12 14:58:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-FIFU-PC-Administrator.job
[2011.12.10 14:08:54 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6.lnk
[2011.12.09 20:16:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.07 21:43:42 | 000,000,442 | ---- | C] () -- C:\prefs.js
[2011.12.07 20:26:47 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance.job
[2011.12.04 21:50:59 | 000,002,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.12.04 21:48:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2651059891-375285687-2646737772-500Core.job
[2011.12.04 21:12:04 | 189,948,433 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.30 21:13:13 | 000,065,040 | ---- | C] () -- C:\Users\Administrator\Desktop\Benfica4ever.jpg
[2011.11.28 12:30:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.11.28 12:30:54 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.28 12:30:53 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.11.28 12:30:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.11.28 12:30:52 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2011.11.28 12:30:40 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.11.28 12:30:40 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2011.11.28 12:30:21 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.28 12:30:21 | 000,006,071 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.28 12:16:40 | 003,768,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,657,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation

< End of report >
--- --- ---

DanyRibi 29.12.2011 19:32
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 29.12.2011 19:48:20 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Administrator\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,87 Mb Total Physical Memory | 311,55 Mb Available Physical Memory | 32,70% Memory free
1,93 Gb Paging File | 1,23 Gb Available in Paging File | 63,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 29,40 Gb Free Space | 54,83% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,54 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 21:16:31 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5382
 
Error - 28.12.2011 21:16:31 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5382
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 85145
 
Error - 28.12.2011 21:17:51 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 85145
 
Error - 29.12.2011 06:01:33 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 06:50:00 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 07:20:55 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 10:11:51 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
Error - 29.12.2011 14:25:41 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
 
[ System Events ]
Error - 29.12.2011 10:22:54 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:00:50 | Computer Name = FiFu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2011 um 15:58:28 unerwartet heruntergefahren.
 
Error - 29.12.2011 11:00:54 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.12.2011 11:00:57 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:00:57 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  BHDrvx86  discache  IDSVix86  spldr  SRTSPX  SymIRON  SymNetS  Wanarpv6
 
Error - 29.12.2011 11:01:08 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:01:14 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 11:01:17 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.12.2011 14:25:32 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.12.2011 14:25:33 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
 
< End of report >
--- --- ---

Chris4You 29.12.2011 20:52
Hi,

wie schaffst Du das nur, die neuste Verseuchung erfolgte heute ca. 19:00 uhr...?

  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
PRC - C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
PRC - C:\Users\Administrator\AppData\Roaming\227D.exe ()
O4 - HKLM..\Run: [Windows Task Services]  7 File not found
O4 - HKCU..\Run: [Microsoft DLL Registration] C:\Users\Administrator\AppData\Roaming\regsrv64.exe (nutre iz)
O4 - HKCU..\Run: [Windows Task Services]  7 File not found
O4 - HKLM..\RunOnce: [Windows Task Services]  7 File not found
O4 - HKCU..\RunOnce: [Windows Task Services]  7 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services =  7
O21 - SSODL: Windows Task Services -  7 - No CLSID value found.
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\Shell\AutoRun\command - "" = G:\Startme.exe
[2011.12.29 19:27:16 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\regsrv64.exe
[2011.12.29 19:26:48 | 000,090,112 | ---- | C] (nutre iz) -- C:\Users\Administrator\AppData\Roaming\32D3.exe
[2011.12.29 19:26:44 | 000,385,024 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\227D.exe
@Alternate Data Stream - 304 bytes -> C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Weitere Anleitung unter:http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Dann MAM updaten und gleich hinterher jagen...

chris

DanyRibi 29.12.2011 21:41
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: FIFU-PC [Administrator]

Schutz: Aktiviert

29.12.2011 20:00:54
mbam-log-2011-12-29 (20-00-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288846
Laufzeit: 42 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Administrator\AppData\Roaming\regsrv64.exe (Trojan.Ransom.BP) -> 4052 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft DLL Registration (Trojan.Ransom.BP) -> Daten: C:\Users\Administrator\AppData\Roaming\regsrv64.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Task Services (Backdoor.PWin.Gen) -> Daten: 7 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Task Services (Backdoor.PWin.Gen) -> Daten: 7 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Administrator\AppData\Roaming\regsrv64.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.
C:\Users\Administrator\AppData\Roaming\32D3.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\users\administrator\appdata\roaming\cyrcre.exe (Worm.Dorkbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

DanyRibi 29.12.2011 21:44
OTL :

========== OTL ==========
Process regsrv64.exe killed successfully!
Process 227D.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft DLL Registration not found.
C:\Users\Administrator\AppData\Roaming\regsrv64.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Task Services not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Task Services not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Windows Task Services deleted successfully.
Invalid CLSID key: 7
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39f9b080-2a18-11e1-baf8-001d72dac89a}\ not found.
File G:\Startme.exe not found.
File C:\Users\Administrator\AppData\Roaming\regsrv64.exe not found.
File C:\Users\Administrator\AppData\Roaming\32D3.exe not found.
C:\Users\Administrator\AppData\Roaming\227D.exe moved successfully.
ADS C:\Users\Administrator\Desktop\Benfica4ever.jpg:SummaryInformation deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_220513

Chris4You 29.12.2011 21:45
Hi,

fahre sofort das OTL-script ab, einer ist MAM durchgerutscht...

chris

DanyRibi 29.12.2011 21:45
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2270642 bytes
->Temporary Internet Files folder emptied: 16993018 bytes
->Java cache emptied: 11327 bytes
->Google Chrome cache emptied: 340469915 bytes
->Flash cache emptied: 91886 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3596 bytes
RecycleBin emptied: 534599727 bytes

Total Files Cleaned = 853,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12282011_212953

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.

Registry entries deleted on Reboot...

DanyRibi 29.12.2011 21:46
wie abfahren?
was meinst du?

Chris4You 29.12.2011 21:47
Hi,

das OTL-Script über dem MAM-Log...

chris

DanyRibi 29.12.2011 21:49
tut mir leid für die Frage aber ich versteh im Moment nicht was du meinst..

Wie mache ich das

Chris4You 29.12.2011 22:52
Hi,

ist ok, die Posts gingen knapp aneinander vorbei...

So, jetzt noch ESET...lass ihn über Nacht laufen...

ESET Online Scanner (http://www.eset.com/onlinescan/)

Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

chris

DanyRibi 31.12.2011 13:04
Hallo Chris :)

ich war gestern nicht zuhause.
Ich werde den Eset Scanner diese Nacht durchlaufen lassen und dann poste ich die Ergebnisse hier rein :D

Ich wünsche dir ein Guten Rutsch! :)

DanyRibi

DanyRibi 01.01.2012 01:07
Hier die Log-Datei vom ESET Scanner


[SPOILER]ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0b567b08b4da24bb41186408435a94a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 07:04:18
# local_time=2011-12-31 08:04:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3589 16777214 100 84 504171 76012734 0 0
# compatibility_mode=8192 67108863 100 0 3814 3814 0 0
# scanned=146795
# found=8
# cleaned=8
# scan_time=4470
C:\Users\Administrator\AppData\Local\709b8acb\U\80000000.@ a variant of Win32/Sirefef.DV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\Roaming\3642.exe Win32/Agent.TFI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\Roaming\5CB8.exe Win32/CoinMiner.I trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\Roaming\6E36.exe Win32/Agent.TFI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12292011_220513\C_Users\Administrator\AppData\Roaming\227D.exe Win32/CoinMiner.I trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\programme\SoftonicDownloader66221.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\programme\nero 8.0\nero 8.0\Nero V.8.0.3.0\Toolbar.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\programme\nero 8.0\nero 8.0\Nero V.8.0.3.0\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C[/SPOILER]

Chris4You 01.01.2012 11:22
Hi,

bitte nochmal ein neues OTL-Log...

chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:42 Uhr.
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131