|  | 
| 
 | |||||||
| Log-Analyse und Auswertung: Virus entfernt, Computer aber trotzdem noch langsam......Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. | 
|  | 
|  31.07.2010, 12:16 | #1 | 
|  |   Virus entfernt, Computer aber trotzdem noch langsam...... Hallo Leute ich brauche eure hilfe bitte ich hatte vor ca. einer woche eine malware auf meinem rechner  ich weiß nicht mer genau ob es eine malware oder eine spyware war. ich wollte euch bitten meinen computerlog mal anzuschauen und mir zu sagen was da nicht stimmen könnte, denn der virus den ich oben hatte wurde laut vierenschutzprogramm erfolgreich entfernt, der computer fährt sich aber trotzdem noch langsam hoch und braucht für alles aussergewöhnlich lange. HiJackthis Logfile: Code: 
  ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:01:41, on 31.07.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\csrss.exe C:\windows\system32\csrss.exe C:\windows\system32\wininit.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\windows\system32\conhost.exe C:\windows\SYSTEM32\Rezip.exe C:\windows\system32\svchost.exe C:\windows\system32\taskhost.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\Dwm.exe C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe C:\windows\Explorer.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\taskeng.exe C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\windows\System32\rundll32.exe C:\Program Files\AnyPC Client\APLanMgrC.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\windows\system32\svchost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Janosch Mairbäurl\AppData\Local\Temp\7zS1F82.tmp\SymNRT.exe C:\Users\Janosch Mairbäurl\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe C:\windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.0.0.127\IPSBHO.DLL O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Janosch Mairbäurl\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing) O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7A29546B-3E05-4B6C-B461-1C2123E007F7}: NameServer = 213.162.69.169 213.162.65.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe -- End of file - 8875 bytes danke im vorraus. ich hoffe ihr könnt was für mich machen MFG Janosch | 
|  31.07.2010, 13:32 | #2 | |
| /// Malwareteam     |   Virus entfernt, Computer aber trotzdem noch langsam...... Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden. 
 Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Filesharing Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen. Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich lieber Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren Zitat: 
 Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. 
 Schritt 3 Rootkit-Suche mit Gmer Was sind Rootkits? Wichtig: Bei jedem Rootkit-Scans soll/en: 
 Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern. 
 Nun das Logfile in Code-Tags posten. | 
|  31.07.2010, 14:20 | #3 | 
|  |   Virus entfernt, Computer aber trotzdem noch langsam...... ok dann mal zu schritt 2__________________ OTL Logfile: Code: 
  ATTFilter OTL logfile created on: 7/31/2010 2:49:19 PM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Janosch Mairbäurl\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,013.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 66.97 Gb Total Space | 35.64 Gb Free Space | 53.21% Space Free | Partition Type: NTFS Drive D: | 66.98 Gb Total Space | 2.55 Gb Free Space | 3.80% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JANOSCHS Current User Name: Janosch Mairbäurl Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Janosch Mairbäurl\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE () PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis) PRC - C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\AnyPC Client\APLanMgrC.exe (DoctorSoft) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Rezip.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Janosch Mairbäurl\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe (Symantec Corporation) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () ========== Driver Services (SafeList) ========== DRV - (SYMNDISV) -- C:\windows\System32\drivers\N360\0305020.00B\SYMNDISV.SYS File not found DRV - (SYMFW) -- C:\windows\System32\drivers\N360\0305020.00B\SYMFW.SYS File not found DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100730.048\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100730.048\NAVENG.SYS (Symantec Corporation) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (samsung_hspa_datacard_cdc_acm) -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_acm.sys (Samsung) DRV - (samsung_hspa_datacard_dc_enum) -- C:\Windows\System32\drivers\samsung_hspa_datacard_dc_enum.sys (Samsung) DRV - (samsung_hspa_datacard_cdc_ecm) -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_ecm.sys (Samsung) DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (ccHP) -- C:\windows\system32\drivers\N360\0400000.07F\ccHPx86.sys (Symantec Corporation) DRV - (SRTSP) -- C:\windows\System32\Drivers\N360\0400000.07F\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\N360\0400000.07F\SRTSPX.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\windows\system32\drivers\N360\0400000.07F\SYMEFA.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\windows\system32\drivers\N360\0400000.07F\Ironx86.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHDrvx86.sys (Symantec Corporation) DRV - (SYMTDIV) -- C:\windows\system32\drivers\N360\0400000.07F\SYMTDIV.SYS (Symantec Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys (Symantec Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SymDS) -- C:\windows\system32\drivers\N360\0400000.07F\SYMDS.SYS (Symantec Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.) DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Google.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de" FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5 FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/07/31 14:15:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/07/31 14:15:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Minefield 4.0b2pre\extensions\\Components: C:\Program Files\Minefield\components FF - HKLM\software\mozilla\Minefield 4.0b2pre\extensions\\Plugins: C:\Program Files\Minefield\plugins FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 23:15:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 23:15:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/24 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Extensions [2010/04/24 11:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/07/31 13:47:11 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Firefox\Profiles\v27uacui.default\extensions [2010/04/06 06:09:35 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Firefox\Profiles\v27uacui.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010/07/30 21:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Firefox\Profiles\v27uacui.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010/05/18 18:15:37 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Firefox\Profiles\v27uacui.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2010/05/18 21:45:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Firefox\Profiles\v27uacui.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/06/10 18:53:03 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Firefox\Profiles\v27uacui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010/05/07 20:14:42 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Janosch Mairbäurl\AppData\Roaming\mozilla\Firefox\Profiles\v27uacui.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010/05/06 17:08:50 | 000,000,261 | ---- | M] () -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Mozilla\FireFox\Profiles\v27uacui.default\searchplugins\Search.xml [2010/07/31 13:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010/07/23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/07/23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/07/23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/07/23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/07/23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.0.0.127\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Janosch Mairbäurl\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ada2f204-3caa-11df-8801-2c8158ca1240}\Shell - "" = AutoRun O33 - MountPoints2\{ada2f204-3caa-11df-8801-2c8158ca1240}\Shell\AutoRun\command - "" = E:\autorunner.exe Film Kagerer~1.wmv -- File not found O33 - MountPoints2\{e3aa33e7-541c-11df-88c3-2c8158ca1240}\Shell - "" = AutoRun O33 - MountPoints2\{e3aa33e7-541c-11df-88c3-2c8158ca1240}\Shell\AutoRun\command - "" = E:\autorunner.exe Film Kagerer~1.wmv -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/31 14:46:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Janosch Mairbäurl\Desktop\OTL.exe [2010/07/31 13:53:30 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0400000.07F\symtdiv.sys [2010/07/31 13:53:30 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0400000.07F\SymDS.sys [2010/07/31 13:53:30 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0400000.07F\SymEFA.sys [2010/07/31 13:53:29 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0400000.07F\srtsp.sys [2010/07/31 13:53:29 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0400000.07F\srtspx.sys [2010/07/31 13:53:28 | 000,116,272 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0400000.07F\Ironx86.sys [2010/07/31 13:53:27 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0400000.07F\cchpx86.sys [2010/07/31 13:45:03 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll [2010/07/31 13:44:50 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS [2010/07/31 13:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2010/07/31 13:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010/07/31 13:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 [2010/07/31 13:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2010/07/31 12:56:44 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\Janosch Mairbäurl\Desktop\Norton_Removal_Tool.exe [2010/07/30 21:16:43 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\Documents\DVDVideoSoft [2010/07/30 21:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010/07/30 21:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010/07/29 14:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010/07/29 14:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2010/07/27 15:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2010/07/27 12:33:52 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Tific [2010/07/27 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Local\Symantec [2010/07/27 00:09:56 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\N360 [2010/07/27 00:09:56 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\N360\0400000.07F [2010/07/27 00:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010/07/27 00:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010/07/26 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/07/26 23:04:50 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Local\Threat Expert [2010/07/26 14:23:52 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll.old [2010/07/26 14:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2010/07/26 12:33:11 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Malwarebytes [2010/07/26 12:32:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010/07/26 12:32:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010/07/26 12:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/07/26 12:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/26 12:31:45 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AntiSpy [2010/07/25 21:53:06 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Fighters [2010/07/25 21:53:04 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Local\PackageAware [2010/07/25 08:54:04 | 000,000,000 | ---D | C] -- C:\windows\pss [2010/07/13 00:47:45 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Screenbrush [2010/07/13 00:47:43 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Local\Screenbrush_GmbH [2010/07/13 00:40:00 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Local\Apps [2010/07/13 00:39:59 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Local\Deployment [2010/07/09 23:48:17 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\Schatz [2010/07/07 16:05:32 | 000,014,904 | ---- | C] (Secunia) -- C:\windows\System32\drivers\psi_mf.sys [2010/07/04 21:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/07/04 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/07/03 14:34:04 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Local\Bump Technologies, Inc [2010/07/03 14:30:41 | 000,000,000 | ---D | C] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Bump Technologies, Inc [2010/07/03 14:30:35 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_5.dll [2010/07/03 14:30:34 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_43.dll [2010/07/03 14:30:34 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_7.dll [2010/07/03 14:30:34 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_7.dll [2010/07/03 14:30:33 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_43.dll [2010/07/03 14:30:32 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_43.dll [2010/07/03 14:30:32 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_43.dll [2010/07/03 14:30:32 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_43.dll [2010/07/03 14:30:31 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll [2010/07/03 14:30:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll [2010/07/03 14:30:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll [2010/07/03 14:30:30 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_5.dll [2010/07/03 14:30:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll [2010/07/03 14:30:29 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_42.dll [2010/07/03 14:30:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_5.dll [2010/07/03 14:30:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_42.dll [2010/07/03 14:30:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_42.dll [2010/07/03 14:30:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll [2010/07/03 14:30:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_42.dll [2010/07/03 14:30:26 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_41.dll [2010/07/03 14:30:26 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_41.dll [2010/07/03 14:30:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_41.dll [2010/07/03 14:30:25 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll [2010/07/03 14:30:25 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_3.dll [2010/07/03 14:30:24 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll [2010/07/03 14:30:24 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_40.dll [2010/07/03 14:30:24 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll [2010/07/03 14:30:24 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll [2010/07/03 14:30:23 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll [2010/07/03 14:30:22 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll [2010/07/03 14:30:22 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll [2010/07/03 14:30:22 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll [2010/07/03 14:30:22 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll [2010/07/03 14:30:21 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll [2010/07/03 14:30:21 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll [2010/07/03 14:30:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll [2010/07/03 14:30:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll [2010/07/03 14:30:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll [2010/07/03 14:30:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll [2010/07/03 14:30:19 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll [2010/07/03 14:30:19 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll [2010/07/03 14:30:18 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll [2010/07/03 14:30:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll [2010/07/03 14:30:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll [2010/07/03 14:30:18 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll [2010/07/03 14:30:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll [2010/07/03 14:30:16 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_0.dll [2010/07/03 14:30:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_0.dll [2010/07/03 14:30:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_3.dll [2010/07/03 14:30:15 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_37.dll [2010/07/03 14:30:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_37.dll [2010/07/03 14:30:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_37.dll [2010/07/03 14:30:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_10.dll [2010/07/03 14:30:13 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_36.dll [2010/07/03 14:30:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_36.dll [2010/07/03 14:30:12 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_36.dll [2010/07/03 14:30:11 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_35.dll [2010/07/03 14:30:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_35.dll [2010/07/03 14:30:11 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_9.dll [2010/07/03 14:30:10 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_35.dll [2010/07/03 14:30:09 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_34.dll [2010/07/03 14:30:09 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_34.dll [2010/07/03 14:30:09 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_8.dll [2010/07/03 14:30:09 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_2.dll [2010/07/03 14:30:08 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_34.dll [2010/07/03 14:30:07 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_7.dll [2010/07/03 14:30:07 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_3.dll [2010/07/03 14:30:06 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_33.dll [2010/07/03 14:30:06 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_33.dll [2010/07/03 14:30:06 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_33.dll [2010/07/03 14:30:05 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_6.dll [2010/07/03 14:30:04 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10.dll [2010/07/03 14:30:04 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_5.dll [2010/07/03 14:30:03 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_31.dll [2010/07/03 14:30:03 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_4.dll [2010/07/03 14:30:03 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_1.dll [2010/07/03 14:30:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_3.dll [2010/07/03 14:30:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_2.dll [2010/07/03 14:22:55 | 000,000,000 | ---D | C] -- C:\windows\System32\directx [2010/07/02 13:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2010/07/01 18:29:54 | 000,000,000 | ---D | C] -- C:\windows\Minidump ========== Files - Modified Within 30 Days ========== [2010/07/31 15:08:00 | 004,194,304 | -HS- | M] () -- C:\Users\Janosch Mairbäurl\NTUSER.DAT [2010/07/31 14:46:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Janosch Mairbäurl\Desktop\OTL.exe [2010/07/31 14:42:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/31 14:20:07 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/31 14:20:07 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/31 14:15:09 | 000,984,906 | ---- | M] () -- C:\windows\System32\drivers\N360\0400000.07F\Cat.DB [2010/07/31 14:06:42 | 000,002,331 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2010/07/31 14:02:07 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/31 14:01:49 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010/07/31 13:57:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010/07/31 13:57:24 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys [2010/07/31 13:56:35 | 001,778,128 | -H-- | M] () -- C:\Users\Janosch Mairbäurl\AppData\Local\IconCache.db [2010/07/31 13:54:02 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS [2010/07/31 13:54:02 | 000,007,443 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT [2010/07/31 13:54:02 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF [2010/07/31 13:44:25 | 000,107,368 | R--- | M] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll [2010/07/31 12:56:49 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\Janosch Mairbäurl\Desktop\Norton_Removal_Tool.exe [2010/07/30 21:36:42 | 000,002,696 | ---- | M] () -- C:\Users\Janosch Mairbäurl\Desktop\vba.ini [2010/07/30 21:16:54 | 000,001,197 | ---- | M] () -- C:\Users\Janosch Mairbäurl\Desktop\DVDVideoSoft Free Studio.lnk [2010/07/30 20:31:43 | 001,486,084 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2010/07/30 20:31:43 | 000,648,704 | ---- | M] () -- C:\windows\System32\perfh007.dat [2010/07/30 20:31:43 | 000,611,332 | ---- | M] () -- C:\windows\System32\perfh009.dat [2010/07/30 20:31:43 | 000,128,930 | ---- | M] () -- C:\windows\System32\perfc007.dat [2010/07/30 20:31:43 | 000,105,512 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010/07/27 00:01:51 | 000,001,363 | ---- | M] () -- C:\Users\Janosch Mairbäurl\Desktop\Norton Installation Files.lnk [2010/07/26 23:15:36 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/07/26 12:33:00 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/24 15:44:53 | 000,015,802 | ---- | M] () -- C:\Users\Janosch Mairbäurl\.recently-used.xbel [2010/07/22 21:54:24 | 001,757,264 | ---- | M] (None) -- C:\Users\Janosch Mairbäurl\Desktop\VisualBoyAdvance.exe [2010/07/12 20:15:29 | 000,002,045 | ---- | M] () -- C:\windows\blueblox.ini [2010/07/07 16:05:32 | 000,014,904 | ---- | M] (Secunia) -- C:\windows\System32\drivers\psi_mf.sys [2010/07/04 22:06:22 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/07/04 22:01:40 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2010/07/31 13:52:44 | 000,003,374 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\SymEFA.inf [2010/07/31 13:52:44 | 000,002,793 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\SymDS.inf [2010/07/31 13:52:44 | 000,001,756 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\ccHPx86.inf [2010/07/31 13:52:44 | 000,001,473 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\SymNetV.inf [2010/07/31 13:52:44 | 000,001,445 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\SymNet.inf [2010/07/31 13:52:44 | 000,001,388 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\srtspx.inf [2010/07/31 13:52:44 | 000,001,382 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\srtsp.inf [2010/07/31 13:52:44 | 000,000,742 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\Iron.inf [2010/07/31 13:52:41 | 000,007,787 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\symnetv.cat [2010/07/31 13:52:41 | 000,007,444 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\SymEFA.cat [2010/07/31 13:52:41 | 000,007,442 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\srtspx.cat [2010/07/31 13:52:41 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\srtsp.cat [2010/07/31 13:52:41 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\iron.cat [2010/07/31 13:52:41 | 000,007,425 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\SymDS.cat [2010/07/31 13:52:41 | 000,007,368 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\SymNet.cat [2010/07/31 13:52:40 | 000,007,396 | R--- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\cchpx86.cat [2010/07/31 13:52:40 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\isolate.ini [2010/07/31 13:44:50 | 000,007,443 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT [2010/07/31 13:44:50 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF [2010/07/31 13:44:45 | 000,002,331 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2010/07/30 21:16:45 | 000,001,197 | ---- | C] () -- C:\Users\Janosch Mairbäurl\Desktop\DVDVideoSoft Free Studio.lnk [2010/07/27 00:11:06 | 000,984,906 | ---- | C] () -- C:\windows\System32\drivers\N360\0400000.07F\Cat.DB [2010/07/27 00:01:49 | 000,001,363 | ---- | C] () -- C:\Users\Janosch Mairbäurl\Desktop\Norton Installation Files.lnk [2010/07/26 23:15:36 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/07/26 14:23:54 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll.old [2010/07/26 12:33:00 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/24 15:44:53 | 000,015,802 | ---- | C] () -- C:\Users\Janosch Mairbäurl\.recently-used.xbel [2010/07/22 21:54:33 | 000,002,696 | ---- | C] () -- C:\Users\Janosch Mairbäurl\Desktop\vba.ini [2010/07/04 22:06:22 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/07/04 22:01:40 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/07/02 14:50:55 | 000,002,045 | ---- | C] () -- C:\windows\blueblox.ini [2010/05/29 19:27:07 | 000,000,020 | ---- | C] () -- C:\windows\mafosav.INI [2010/05/23 15:04:18 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll [2010/05/01 14:25:14 | 000,000,036 | ---- | C] () -- C:\windows\Caligari.ini [2010/03/30 18:07:03 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/09/28 11:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys [2009/07/14 02:55:09 | 000,587,776 | ---- | C] () -- C:\windows\System32\hpotscl1.dll [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010/03/30 20:06:42 | 000,000,000 | -HSD | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\.# [2010/05/04 22:00:21 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\ASCON Installer [2010/06/04 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\BitComet [2010/07/03 14:30:41 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Bump Technologies, Inc [2010/06/10 11:36:48 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\DVDVideoSoftIEHelpers [2010/07/25 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Fighters [2010/05/03 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\FontExplorerX [2010/05/23 15:43:00 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Free Audio Editor [2010/03/30 20:06:28 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\GameConsole [2010/07/24 15:44:53 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\gtk-2.0 [2010/04/20 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\LEGO Company [2010/05/23 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\MAGIX [2010/04/21 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\OpenOffice.org [2010/07/13 00:47:47 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Screenbrush [2010/04/20 22:49:09 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Souptoys [2010/04/24 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Thunderbird [2010/07/27 12:33:52 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\Tific [2010/05/06 17:10:14 | 000,000,000 | ---D | M] -- C:\Users\Janosch Mairbäurl\AppData\Roaming\uTorrent [2010/06/21 22:48:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D < End of report > und OTL Logfile: Code: 
  ATTFilter OTL Extras logfile created on: 7/31/2010 2:49:19 PM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Janosch Mairbäurl\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,013.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 35.64 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
Drive D: | 66.98 Gb Total Space | 2.55 Gb Free Space | 3.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JANOSCHS
Current User Name: Janosch Mairbäurl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{27A34859-3E29-438B-BBF6-19BDC6CA9C06}" = Samsung HSPA DataCard 4.3.29.7814
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC197D6-F4AB-44E0-ACF7-210355E6F389}" = Windows Speech Recognition Macros
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92BF2245-BE42-486E-A1CF-DBABCD4F0C43}" = Connection Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{92BF2245-BE42-486E-A1CF-DBABCD4F0C43}" = Connection Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Minefield (4.0b2pre)" = Minefield (4.0b2pre)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"N360" = Norton 360
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI
"Security Task Manager" = Security Task Manager 1.7h
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"00b0b565786f7ecc" = OnTopReplica
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/26/2010 8:22:38 AM | Computer Name = Janoschs | Source = PerfNet | ID = 2004
Description = 
 
Error - 7/26/2010 8:22:38 AM | Computer Name = Janoschs | Source = PerfNet | ID = 2002
Description = 
 
Error - 7/26/2010 8:24:46 AM | Computer Name = Janoschs | Source = PerfNet | ID = 2004
Description = 
 
Error - 7/26/2010 8:24:46 AM | Computer Name = Janoschs | Source = PerfNet | ID = 2002
Description = 
 
Error - 7/26/2010 8:29:12 AM | Computer Name = Janoschs | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 7/26/2010 8:29:12 AM | Computer Name = Janoschs | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 7/26/2010 8:30:23 AM | Computer Name = Janoschs | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 7/26/2010 8:30:46 AM | Computer Name = Janoschs | Source = PerfNet | ID = 2004
Description = 
 
Error - 7/26/2010 8:30:46 AM | Computer Name = Janoschs | Source = PerfNet | ID = 2002
Description = 
 
Error - 7/26/2010 8:30:45 AM | Computer Name = Janoschs | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 7/7/2010 9:19:30 AM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 7/7/2010 1:32:27 PM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 7/7/2010 1:50:29 PM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 7/7/2010 2:50:20 PM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 7/8/2010 8:04:23 AM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 7/8/2010 3:09:13 PM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 7/9/2010 4:13:42 PM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 7/10/2010 4:47:06 PM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 7/11/2010 3:52:37 AM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 7/11/2010 1:56:12 PM | Computer Name = Janoschs | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
          | 
|  31.07.2010, 23:39 | #4 | 
| /// Malwareteam     |   Virus entfernt, Computer aber trotzdem noch langsam...... Nun warte ich noch auf das GMERLog    | 
|  | 
| Themen zu Virus entfernt, Computer aber trotzdem noch langsam...... | 
| antivir, antivir guard, avira, bho, bonjour, computer, converter, desktop, firefox, google, hijack, hijackthis, hijackthis log-file auswerten, internet, internet explorer, intrusion prevention, langsam, local\temp, malware, malware problem, mozilla, mp3, plug-in, software, spyware, stimme, symantec, system, virus, virus entfernt, windows, windows 7 starter |