29.12.2010, 13:58 | #1 |
Firefox switches to other pages, plus logfile from otl.exe

Firefox switches to other pages, plus log from Otl.exe

OTL Logfile:
Code:
OTL logfile created on: 12/29/2010 1:38:24 PM - Run 5
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\xxxx\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.01 Gb Total Space | 296.19 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
Drive D: | 12.30 Gb Total Space | 1.19 Gb Free Space | 9.67% Space Free | Partition Type: NTFS
Drive G: | 338.22 Gb Total Space | 282.63 Gb Free Space | 83.56% Space Free | Partition Type: NTFS

Computer Name: BOHL-HP | User Name: bohl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\bohl\Downloads\OTL.exe (OldTimer Tools) PRC - G:\Mozilla\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation) PRC - G:\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) ========== Modules (SafeList) ========== MOD - C:\Users\bohl\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation) SRV - (NMSAccess) -- G:\CDBurnerXP\NMSAccessU.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms File not found DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec 
Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Ironx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.sys (Symantec Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101228.002\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101228.002\ENG64.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101227.001\IDSviA64.sys (Symantec Corporation) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.osthessennews.de/ IE - HKU\S-1-5-21-106767103-2355787817-237608824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.goggle.de" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/12/19 19:08:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/12/19 19:07:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Mozilla\components [2010/12/20 16:52:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Mozilla\plugins [2010/12/20 16:52:41 | 000,000,000 | ---D | M] [2010/12/20 16:52:58 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\mozilla\Extensions [2010/12/29 00:17:19 | 000,000,000 | ---D | M] -- 
C:\Users\bohl\AppData\Roaming\mozilla\Firefox\Profiles\up0egl02.default\extensions [2010/12/20 17:13:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\bohl\AppData\Roaming\mozilla\Firefox\Profiles\up0egl02.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (BitDefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe File not found MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
MsConfig:64bit - StartUpReg: MSN Toolbar - hkey= - key= - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found MsConfig:64bit - StartUpReg: UnlockerAssistant - hkey= - key= - G:\Unlocker\UnlockerAssistant.exe File not found MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - G:\Winamp\Winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PEVSystemStart - Service SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: procexp90.Sys - Driver SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: WudfRd - Driver SafeBootMin:64bit: WudfSvc - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WudfRd - Driver SafeBootMin: WudfSvc - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - 
CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PEVSystemStart - Service SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: procexp90.Sys - Driver SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: 
SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfRd - Driver SafeBootNet:64bit: WudfSvc - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices 
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfRd - Driver SafeBootNet: WudfSvc - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010/12/28 23:56:18 | 000,000,000 | ---D | C] -- C:\_OTL [2010/12/22 22:55:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2010/12/22 22:54:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2010/12/22 22:54:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2010/12/22 22:53:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2010/12/22 22:53:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2010/12/22 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2010/12/22 19:15:12 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Local\Secunia PSI [2010/12/22 19:15:05 | 000,000,000 | ---D | C] -- C:\Users\bohl\PSI [2010/12/22 14:24:14 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Roaming\DVDVideoSoft [2010/12/22 13:48:42 | 000,000,000 | ---D | C] -- C:\Users\bohl\Desktop\VIDEO_TS [2010/12/22 13:37:04 | 000,000,000 | ---D | C] -- C:\Users\bohl\Documents\DVDVideoSoft [2010/12/22 13:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2010/12/22 13:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2010/12/22 13:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2010/12/21 21:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft [2010/12/21 21:26:30 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Local\CrashDumps [2010/12/21 21:24:47 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Roaming\DeepBurner [2010/12/21 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Roaming\Ashampoo [2010/12/21 17:21:03 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Local\ashampoo [2010/12/21 17:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo 
[2010/12/21 00:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery [2010/12/20 13:15:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/12/20 13:15:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/12/20 13:15:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/12/19 23:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD-Abzockschutz [2010/12/19 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2010/12/19 19:08:12 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010/12/19 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010/12/19 19:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2010/12/19 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2010/12/19 18:06:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64 [2010/12/19 18:06:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0401000.020 [2010/12/19 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2010/12/19 18:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings [2010/12/19 17:28:43 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/12/19 17:18:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/12/19 17:17:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2010/12/19 14:34:12 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\Common Files\MicroWorld [2010/12/19 14:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2010/12/15 17:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} [2010/12/07 20:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/12/06 21:14:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010/12/02 22:38:42 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys ========== Files - Modified Within 30 Days ========== [2010/12/29 13:36:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/29 13:36:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/29 13:33:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/12/29 13:33:45 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010/12/29 13:33:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/12/29 13:33:45 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010/12/29 13:33:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/12/29 13:29:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2010/12/29 13:29:34 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbohl.job [2010/12/29 13:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/29 13:29:23 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2010/12/22 13:43:59 | 000,000,558 | ---- | M] () -- C:\Users\bohl\Desktop\IsoBuster.lnk [2010/12/22 13:37:09 | 000,001,201 | ---- | M] () -- C:\Users\bohl\Desktop\DVDVideoSoft Free Studio.lnk [2010/12/21 17:21:02 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk [2010/12/21 17:19:22 | 151,605,247 | ---- | M] () -- 
C:\Users\bohl\Desktop\Unstoppable.Ausser.Kontrolle.R5.LD.German.XViD-AOE.vob [2010/12/20 16:52:43 | 000,000,584 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/12/19 19:08:20 | 001,220,520 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Cat.DB [2010/12/19 19:08:12 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010/12/19 19:08:12 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010/12/19 19:08:12 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010/12/19 19:08:06 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010/12/19 18:58:58 | 001,220,520 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB [2010/12/19 18:50:58 | 000,000,977 | ---- | M] () -- C:\Users\bohl\Desktop\CCleaner.lnk [2010/12/19 16:28:21 | 000,044,517 | ---- | M] () -- C:\Users\bohl\Documents\pinfect.zip [2010/12/17 19:00:35 | 3462,703,104 | ---- | M] () -- C:\Users\bohl\Desktop\vcf-machete-rip.vob [2010/12/17 18:17:10 | 000,000,640 | ---- | M] () -- C:\Users\bohl\Desktop\Free Video Converter.lnk [2010/12/15 17:53:42 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2010/12/02 22:37:54 | 000,000,036 | ---- | M] () -- C:\Users\bohl\AppData\Local\housecall.guid.cache [2010/12/02 21:55:52 | 000,002,971 | ---- | M] () -- C:\Users\bohl\Desktop\HiJackThis.lnk [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010/12/22 13:37:05 | 000,001,201 | ---- | C] () -- C:\Users\bohl\Desktop\DVDVideoSoft Free Studio.lnk [2010/12/21 17:21:02 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk 
[2010/12/21 16:38:49 | 151,605,247 | ---- | C] () -- C:\Users\bohl\Desktop\Unstoppable.Ausser.Kontrolle.R5.LD.German.XViD-AOE.vob [2010/12/20 16:52:42 | 000,000,584 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/12/19 19:08:12 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010/12/19 19:08:12 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010/12/19 19:08:06 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010/12/19 18:50:51 | 000,000,977 | ---- | C] () -- C:\Users\bohl\Desktop\CCleaner.lnk [2010/12/19 16:28:21 | 000,044,517 | ---- | C] () -- C:\Users\bohl\Documents\pinfect.zip [2010/12/17 18:18:15 | 3462,703,104 | ---- | C] () -- C:\Users\bohl\Desktop\vcf-machete-rip.vob [2010/12/15 17:53:41 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2010/12/02 22:37:54 | 000,000,036 | ---- | C] () -- C:\Users\bohl\AppData\Local\housecall.guid.cache [2010/12/02 21:55:52 | 000,002,971 | ---- | C] () -- C:\Users\bohl\Desktop\HiJackThis.lnk [2010/09/28 14:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL [2010/07/29 23:19:31 | 000,000,000 | ---- | C] () -- C:\Users\bohl\AppData\Roaming\wklnhst.dat [2010/07/27 21:49:54 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010/07/25 13:26:15 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010/07/12 21:42:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2010/01/27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/12/21 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Ashampoo [2010/07/27 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Canneverbe 
Limited [2010/12/21 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DeepBurner [2010/12/22 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DVDVideoSoft [2010/12/21 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\FreeVideoConverter [2010/12/19 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\QuickScan [2010/08/08 22:45:05 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\SuperMP3Download [2010/07/29 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Template [2010/08/03 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\thecleaner [2010/11/15 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Tific [2010/11/22 00:39:23 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Uniblue [2010/07/06 19:01:57 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\WinBatch [2010/09/28 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Xeta [2010/07/01 17:11:37 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\_MDLogs [2010/11/20 21:27:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010/11/29 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Adobe [2010/12/21 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Ashampoo [2010/07/01 16:54:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\ATI [2010/07/27 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Canneverbe Limited [2010/08/24 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\CyberLink [2010/12/21 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DeepBurner [2010/12/13 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\dvdcss [2010/12/22 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DVDVideoSoft [2010/12/21 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\FreeVideoConverter [2010/11/17 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Hewlett-Packard [2010/12/28 21:56:19 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\HP Support Assistant [2010/12/15 17:58:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\hpqLog [2010/12/28 21:56:19 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\HpUpdate [2010/07/01 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Identities [2010/07/01 18:21:20 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Macromedia [2010/10/22 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Malwarebytes [2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Media Center Programs [2010/12/21 20:33:45 | 000,000,000 | --SD | M] -- C:\Users\bohl\AppData\Roaming\Microsoft [2010/12/20 16:52:58 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Mozilla [2010/12/19 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\QuickScan [2010/09/21 00:03:11 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Skype [2010/08/08 22:45:05 | 000,000,000 | ---D | M] -- 
C:\Users\bohl\AppData\Roaming\SuperMP3Download [2010/07/29 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Template [2010/08/03 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\thecleaner [2010/11/15 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Tific [2010/11/22 00:39:23 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Uniblue [2010/12/06 22:16:44 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\vlc [2010/12/21 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Winamp [2010/07/06 19:01:57 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\WinBatch [2010/07/05 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\WinRAR [2010/09/28 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Xeta [2010/09/19 19:15:40 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Yahoo! [2010/07/01 17:11:37 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\_MDLogs < %APPDATA%\*.exe /s > [2010/12/02 21:55:52 | 000,388,096 | R--- | M] (Trend Micro Inc.) 
-- C:\Users\bohl\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2010/11/15 19:51:51 | 005,401,704 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\bohl\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 22:03:52 | 
000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 
000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report >
Logfile created following the instructions given to another user here who had the same problem, and Malwarebytes reported no findings after a scan in offline mode.
29.12.2010, 14:33 | #2 |
| Firefox switches to other pages, plus logfile from otl.exe
Sorry, I had forgotten the Extra.logfile, so here is everything again from the start: OTL Logfile:
Code:
ATTFilter OTL logfile created on: 12/29/2010 2:22:01 PM - Run 6 OTL by OldTimer - Version 3.2.18.1 Folder = C:\Users\bohl\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free 8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 348.01 Gb Total Space | 296.46 Gb Free Space | 85.19% Space Free | Partition Type: NTFS Drive D: | 12.30 Gb Total Space | 1.19 Gb Free Space | 9.67% Space Free | Partition Type: NTFS Drive G: | 338.22 Gb Total Space | 282.43 Gb Free Space | 83.50% Space Free | Partition Type: NTFS Computer Name: BOHL-HP | User Name: bohl | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\bohl\Downloads\OTL(2).exe (OldTimer Tools) PRC - G:\Mozilla\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation) PRC - G:\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) ========== Modules (SafeList) ========== MOD - C:\Users\bohl\Downloads\OTL(2).exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation) SRV - (NMSAccess) -- G:\CDBurnerXP\NMSAccessU.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms File not found DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec 
Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Ironx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.sys (Symantec Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101228.036\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101228.036\ENG64.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101228.001\IDSviA64.sys (Symantec Corporation) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Osthessen-News - Nachrichten aus Osthessen IE - HKU\S-1-5-21-106767103-2355787817-237608824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.goggle.de" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/12/19 19:08:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/12/19 19:07:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Mozilla\components [2010/12/20 16:52:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Mozilla\plugins [2010/12/20 16:52:41 | 000,000,000 | ---D | M] [2010/12/20 16:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bohl\AppData\Roaming\mozilla\Extensions [2010/12/29 00:17:19 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\bohl\AppData\Roaming\mozilla\Firefox\Profiles\up0egl02.default\extensions [2010/12/20 17:13:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\bohl\AppData\Roaming\mozilla\Firefox\Profiles\up0egl02.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/12/19 19:07:51 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN [2010/12/19 19:08:32 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
(Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-106767103-2355787817-237608824-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (BitDefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe File not found MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: Messenger (Yahoo!) 
- hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig:64bit - StartUpReg: MSN Toolbar - hkey= - key= - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found MsConfig:64bit - StartUpReg: UnlockerAssistant - hkey= - key= - G:\Unlocker\UnlockerAssistant.exe File not found MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - G:\Winamp\Winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfRd - Driver
SafeBootMin:64bit: WudfSvc - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WudfRd - Driver
SafeBootMin: WudfSvc - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfSvc - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfSvc - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2010/12/28 23:56:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/22 22:55:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/12/22 22:54:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/12/22 22:54:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/12/22 22:53:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/12/22 22:53:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/12/22 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2010/12/22 19:15:12 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Local\Secunia PSI
[2010/12/22 19:15:05 | 000,000,000 | ---D | C] -- C:\Users\bohl\PSI
[2010/12/22 14:24:14 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Roaming\DVDVideoSoft
[2010/12/22 13:48:42 | 000,000,000 | ---D | C] -- C:\Users\bohl\Desktop\VIDEO_TS
[2010/12/22 13:37:04 | 000,000,000 | ---D | C] -- C:\Users\bohl\Documents\DVDVideoSoft
[2010/12/22 13:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010/12/22 13:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010/12/22 13:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/12/21 21:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft
[2010/12/21 21:26:30 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Local\CrashDumps
[2010/12/21 21:24:47 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Roaming\DeepBurner
[2010/12/21 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Roaming\Ashampoo
[2010/12/21 17:21:03 | 000,000,000 | ---D | C] -- C:\Users\bohl\AppData\Local\ashampoo
[2010/12/21 17:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010/12/21 00:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/12/20 13:15:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/20 13:15:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/20 13:15:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/19 23:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
[2010/12/19 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/12/19 19:08:12 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/12/19 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/12/19 19:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/12/19 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/12/19 18:06:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/12/19 18:06:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0401000.020
[2010/12/19 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2010/12/19 18:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/12/19 17:28:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/19 17:18:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/19 17:17:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010/12/19 14:35:51 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010/12/19 14:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010/12/19 14:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010/12/15 17:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2010/12/07 20:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/06 21:14:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/12/02 22:38:42 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

========== Files - Modified Within 30 Days ==========
[2010/12/29 13:36:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 13:36:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 13:33:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/29 13:33:45 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/12/29 13:33:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/29 13:33:45 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/12/29 13:33:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/29 13:29:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/12/29 13:29:34 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbohl.job
[2010/12/29 13:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/29 13:29:23 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 13:43:59 | 000,000,558 | ---- | M] () -- C:\Users\bohl\Desktop\IsoBuster.lnk
[2010/12/22 13:37:09 | 000,001,201 | ---- | M] () -- C:\Users\bohl\Desktop\DVDVideoSoft Free Studio.lnk
[2010/12/21 17:21:02 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk
[2010/12/21 17:19:22 | 151,605,247 | ---- | M] () -- C:\Users\bohl\Desktop\Unstoppable.Ausser.Kontrolle.R5.LD.German.XViD-AOE.vob
[2010/12/20 16:52:43 | 000,000,584 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/19 19:08:20 | 001,220,520 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Cat.DB
[2010/12/19 19:08:12 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/12/19 19:08:12 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/12/19 19:08:12 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/12/19 19:08:06 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/12/19 18:58:58 | 001,220,520 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2010/12/19 18:50:58 | 000,000,977 | ---- | M] () -- C:\Users\bohl\Desktop\CCleaner.lnk
[2010/12/19 16:28:21 | 000,044,517 | ---- | M] () -- C:\Users\bohl\Documents\pinfect.zip
[2010/12/17 19:00:35 | 3462,703,104 | ---- | M] () -- C:\Users\bohl\Desktop\vcf-machete-rip.vob
[2010/12/17 18:17:10 | 000,000,640 | ---- | M] () -- C:\Users\bohl\Desktop\Free Video Converter.lnk
[2010/12/15 17:53:42 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/12/02 22:37:54 | 000,000,036 | ---- | M] () -- C:\Users\bohl\AppData\Local\housecall.guid.cache
[2010/12/02 21:55:52 | 000,002,971 | ---- | M] () -- C:\Users\bohl\Desktop\HiJackThis.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========
[2010/12/22 13:37:05 | 000,001,201 | ---- | C] () -- C:\Users\bohl\Desktop\DVDVideoSoft Free Studio.lnk
[2010/12/21 17:21:02 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk
[2010/12/21 16:38:49 | 151,605,247 | ---- | C] () -- C:\Users\bohl\Desktop\Unstoppable.Ausser.Kontrolle.R5.LD.German.XViD-AOE.vob
[2010/12/20 16:52:42 | 000,000,584 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/19 19:08:12 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/12/19 19:08:12 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/12/19 19:08:06 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/12/19 18:50:51 | 000,000,977 | ---- | C] () -- C:\Users\bohl\Desktop\CCleaner.lnk
[2010/12/19 16:28:21 | 000,044,517 | ---- | C] () -- C:\Users\bohl\Documents\pinfect.zip
[2010/12/17 18:18:15 | 3462,703,104 | ---- | C] () -- C:\Users\bohl\Desktop\vcf-machete-rip.vob
[2010/12/15 17:53:41 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/12/02 22:37:54 | 000,000,036 | ---- | C] () -- C:\Users\bohl\AppData\Local\housecall.guid.cache
[2010/12/02 21:55:52 | 000,002,971 | ---- | C] () -- C:\Users\bohl\Desktop\HiJackThis.lnk
[2010/09/28 14:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/07/29 23:19:31 | 000,000,000 | ---- | C] () -- C:\Users\bohl\AppData\Roaming\wklnhst.dat
[2010/07/27 21:49:54 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/07/25 13:26:15 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/07/12 21:42:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2010/01/27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========
[2010/12/21 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Ashampoo
[2010/07/27 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Canneverbe Limited
[2010/12/21 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DeepBurner
[2010/12/22 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DVDVideoSoft
[2010/12/21 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\FreeVideoConverter
[2010/12/19 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\QuickScan
[2010/08/08 22:45:05 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\SuperMP3Download
[2010/07/29 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Template
[2010/08/03 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\thecleaner
[2010/11/15 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Tific
[2010/11/22 00:39:23 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Uniblue
[2010/07/06 19:01:57 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\WinBatch
[2010/09/28 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Xeta
[2010/07/01 17:11:37 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\_MDLogs
[2010/11/20 21:27:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/11/29 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Adobe
[2010/12/21 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Ashampoo
[2010/07/01 16:54:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\ATI
[2010/07/27 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Canneverbe Limited
[2010/08/24 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\CyberLink
[2010/12/21 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DeepBurner
[2010/12/13 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\dvdcss
[2010/12/22 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\DVDVideoSoft
[2010/12/21 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\FreeVideoConverter
[2010/11/17 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Hewlett-Packard
[2010/12/28 21:56:19 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\HP Support Assistant
[2010/12/15 17:58:46 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\hpqLog
[2010/12/28 21:56:19 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\HpUpdate
[2010/07/01 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Identities
[2010/07/01 18:21:20 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Macromedia
[2010/10/22 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Media Center Programs
[2010/12/21 20:33:45 | 000,000,000 | --SD | M] -- C:\Users\bohl\AppData\Roaming\Microsoft
[2010/12/20 16:52:58 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Mozilla
[2010/12/19 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\QuickScan
[2010/09/21 00:03:11 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Skype
[2010/08/08 22:45:05 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\SuperMP3Download
[2010/07/29 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Template
[2010/08/03 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\thecleaner
[2010/11/15 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Tific
[2010/11/22 00:39:23 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Uniblue
[2010/12/06 22:16:44 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\vlc
[2010/12/21 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Winamp
[2010/07/06 19:01:57 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\WinBatch
[2010/07/05 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\WinRAR
[2010/09/28 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Xeta
[2010/09/19 19:15:40 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\Yahoo!
[2010/07/01 17:11:37 | 000,000,000 | ---D | M] -- C:\Users\bohl\AppData\Roaming\_MDLogs
< %APPDATA%\*.exe /s >
[2010/12/02 21:55:52 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\bohl\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010/11/15 19:51:51 | 005,401,704 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\bohl\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2010/06/04 05:57:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/06/04 05:57:19 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/06/04 05:55:39 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/06/04 05:55:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/06/04 05:55:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/06/04 05:57:19 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010/06/04 05:55:39 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/06/04 05:57:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: IASTORV.SYS >
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 |
000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: 
WINLOGON.EXE > [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 12/29/2010 2:22:01 PM - Run 6
OTL by OldTimer - Version 3.2.18.1 Folder = C:\Users\bohl\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.01 Gb Total Space | 296.46 Gb Free Space | 85.19% Space Free | Partition Type: NTFS
Drive D: | 12.30 Gb Total Space | 1.19 Gb Free Space | 9.67% Space Free | Partition Type: NTFS
Drive G: | 338.22 Gb Total Space | 282.43 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
Computer Name: BOHL-HP | User Name: bohl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_USERS\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- G:\Mozilla\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = 
Microsoft Visual C++ 2005 Redistributable (x64) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B5CF5995-5E0B-967D-3FC5-325089795937}" = ccc-utility64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{F9F4430E-80DE-EC0F-BF8E-476352C8F954}" = ATI Catalyst Install Manager "CCleaner" = CCleaner [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant "{09F46E3D-EAFB-9390-B6D9-F6DAA73B3ECB}" = CCC Help Finnish "{0A172278-5048-3BDA-D318-974ED0AA0B95}" = CCC Help Greek "{0B2536F0-8E7A-340F-9031-1AA60BEFBFD8}" = Catalyst Control Center Graphics Full Existing "{0D526570-6B8F-3CE9-04DB-16FD2E68FCBE}" = CCC Help Danish "{0E6CE44A-EE07-1C20-72C8-9A24CA2ED2CB}" = Catalyst Control Center HydraVision Full "{113F4E2E-416A-33BD-D2A6-39C58AB6ACAC}" = CCC Help Korean "{1688104B-0261-42FC-D796-CB97EA5159A4}" = CCC Help Thai "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18812D65-95DB-5482-4CAC-3B3B5E5446B0}" = CCC Help Italian "{1D5B3A03-17FD-EC8F-755B-6164ABFF450A}" = CCC Help Turkish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{223CCCD3-2217-9AA1-98F0-2879733549D0}" = CCC Help English 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23 "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{394F1B21-1FA4-DDE1-C00B-0A3EEA1A94D1}" = ccc-core-static "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{40965CEA-43EE-B8D7-09AB-705B5E2A2521}" = CCC Help Hungarian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4680D4CC-5220-6AAF-54D3-C1E75C90A69A}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F11AE1B-452A-2A9B-250D-EDB725E39199}" = CCC Help Russian "{4F9B4C70-F223-B34B-C7D3-55FC1D2BAD2E}" = CCC Help Chinese Standard "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5906DAFF-9370-2B54-D483-343ABB9BE748}" = Catalyst Control Center Graphics Light "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{659F8F13-E8C5-C4B8-85E7-1D3912C06929}" = Catalyst Control Center Localization All "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6C6B8B89-AC64-4B04-DBE1-992B80C83F1A}" = CCC Help Japanese "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B9D9DC4-EDB9-3181-4D1B-E47C34609E0C}" = CCC Help Portuguese "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{8966B8B5-D87A-E689-B370-E79B7691299C}" 
= Catalyst Control Center Core Implementation "{89EA759B-B9C8-6CB5-6BF2-248961E68809}" = Catalyst Control Center InstallProxy "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "{931E11B0-1ACE-438D-90AF-E5D8C64880EF}" = Catalyst Control Center - Branding "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C23A506-3E8B-B91C-4F9B-040518EC792D}" = CCC Help Norwegian "{9D54290B-CD49-4B36-2EF2-7597FD0D683F}" = CCC Help Swedish "{A6F42664-73EC-25B0-F3A9-D8CCE53CFB25}" = Catalyst Control Center Graphics Previews Common "{A7C0BB1A-1546-44D6-1BE0-FB0F84364787}" = HydraVision "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{B07E4A53-C39E-9BEB-9716-1953F0EE2953}" = CCC Help French "{B439A476-119C-13A9-6FB8-B2B2D566CF63}" = CCC Help Spanish "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C54BBB47-5D1A-5C82-614E-0D75C1AD92B5}" = Catalyst Control Center Graphics Previews Vista "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C725937A-C6B3-0D07-A765-029FB1FD66B6}" = CCC Help Chinese Traditional "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "{D228187B-0D49-44C6-DEA8-64F180D14DB9}" = CCC Help Polish "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz "{D74B4F5A-28CB-33E4-AFC2-412B8227C582}" = CCC Help Dutch "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5492B8D-B6DB-C3D2-8309-1B6A766CAF85}" = Catalyst Control Center Graphics Full New "{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup "{F5F38D48-5AF3-EEEC-7E0C-25D516D1DC74}" = CCC Help Czech "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "EasyBits Magic Desktop" = Magic Desktop "Flatcast_is1" = Flatcast Viewer Plugin 5.3.0.633 "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4.10 "Free Video Converter_is1" = Free Video Converter V 2.9 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.16 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo 
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "IsoBuster_is1" = IsoBuster 2.8.5 "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MusicStationNetstaller" = MusicStation "NIS" = Norton Internet Security "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "SuperMp3Download" = Super Mp3 Download "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.0 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-106767103-2355787817-237608824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/25/2010 6:01:46 AM | Computer Name = bohl-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\bohl\Desktop\SoftonicDownloader_fuer_panda-anti-rootkit.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 11/25/2010 6:01:48 AM | Computer Name = bohl-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\bohl\Desktop\SoftonicDownloader_fuer_panda-anti-rootkit.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 11/25/2010 2:01:47 PM | Computer Name = bohl-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\bohl\Desktop\SoftonicDownloader_fuer_panda-anti-rootkit.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 11/25/2010 2:01:48 PM | Computer Name = bohl-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\bohl\Desktop\SoftonicDownloader_fuer_panda-anti-rootkit.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 11/25/2010 2:01:58 PM | Computer Name = bohl-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\bohl\Desktop\SoftonicDownloader_fuer_panda-anti-rootkit.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 11/25/2010 2:01:59 PM | Computer Name = bohl-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\bohl\Desktop\SoftonicDownloader_fuer_panda-anti-rootkit.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Error - 11/25/2010 2:02:57 PM | Computer Name = bohl-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$RECYCLE.BIN\S-1-5-21-106767103-2355787817-237608824-1000\$RGWG9QS.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 11/30/2010 7:05:55 PM | Computer Name = bohl-HP | Source = Application Hang | ID = 1002 Description = Programm WAtlas.exe, Version 0.0.0.12 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8d4 Startzeit: 01cb90e311a7f4a2 Endzeit: 0 Anwendungspfad: C:\Programme\Systhema\3D-Globus\WAtlas.exe Berichts-ID: 5b3dc242-fcd6-11df-8d59-78e7d187030e Error - 11/30/2010 7:06:44 PM | Computer Name = bohl-HP | Source = Application Hang | ID = 1002 Description = Programm WAtlas.exe, Version 0.0.0.12 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 89c Startzeit: 01cb90e335331184 Endzeit: 15 Anwendungspfad: C:\Programme\Systhema\3D-Globus\WAtlas.exe Berichts-ID: 7cd4fe2a-fcd6-11df-8d59-78e7d187030e Error - 12/3/2010 4:35:34 PM | Computer Name = bohl-HP | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3951 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ea0 Startzeit: 01cb931a865cb6f2 Endzeit: 39 Anwendungspfad: G:\firefox\firefox.exe Berichts-ID: [ Hewlett-Packard Events ] Error - 8/6/2010 2:03:05 PM | Computer Name = bohl-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HPSF bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root, RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks() bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object resizedCompositionTarget) bei System.Windows.Media.MediaContext.RenderMessageHandler(Object resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) Error - 9/1/2010 2:28:26 PM | Computer Name = bohl-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 9/29/2010 1:10:33 PM | Computer Name = bohl-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 12/6/2010 3:07:15 PM | Computer Name = bohl-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
HPSF bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root, RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks() bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object resizedCompositionTarget) bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) [ Media Center Events ] Error - 9/7/2010 3:39:27 PM | Computer Name = bohl-HP | Source = MCUpdate | ID = 0 Description = 21:39:27 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
[ System Events ] Error - 10/17/2010 3:03:07 PM | Computer Name = bohl-HP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP Error - 10/17/2010 3:03:28 PM | Computer Name = bohl-HP | Source = PNRPSvc | ID = 102 Description = Error - 10/17/2010 3:03:28 PM | Computer Name = bohl-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 10/17/2010 3:03:28 PM | Computer Name = bohl-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 10/17/2010 3:03:38 PM | Computer Name = bohl-HP | Source = PNRPSvc | ID = 102 Description = Error - 10/17/2010 3:03:38 PM | Computer Name = bohl-HP | Source = PNRPSvc | ID = 102 Description = Error - 10/17/2010 3:03:38 PM | Computer Name = bohl-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 10/17/2010 3:03:38 PM | Computer Name = bohl-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 10/17/2010 3:03:38 PM | Computer Name = bohl-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 10/17/2010 3:03:38 PM | Computer Name = bohl-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535 < End of report > |
29.12.2010, 14:53 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox switches to other pages, plus logfile from otl.exe Please post all logs from Malwarebytes!
__________________ |
29.12.2010, 18:35 | #4 |
| Firefox switches to other pages, plus logfile from otl.exe my most recent Malwarebytes logfile:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Datenbank Version: 5416
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.12.2010 18:33:36
mbam-log-2010-12-29 (18-33-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 293626
Laufzeit: 31 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
29.12.2010, 18:59 | #5 |
| Firefox switches to other pages, plus logfile from otl.exe my subsequent HijackThis logfile after removing the infected files with Malwarebytes: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:57:41, on 29.12.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\trend micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Osthessen-News - Nachrichten aus Osthessen R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Norton Toolbar - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - 
Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe O23 - Service: NMSAccess - Unknown owner - G:\CDBurnerXP\NMSAccessU.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file 
missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6858 bytes |
29.12.2010, 20:17 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox switches to other pages, plus logfile from otl.exe Are there any more logs from Malwarebytes? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes.
__________________ |
29.12.2010, 21:34 | #7 |
| Firefox switches to other pages, plus logfile from otl.exe here are the last 2 previous logfiles
1. 22.12.2010
Malwarebytes' Anti-Malware 1.50
Malwarebytes Datenbank Version: 5351
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
22.12.2010 12:27:25
mbam-log-2010-12-22 (12-27-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 292029
Laufzeit: 20 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
2. Logfile 19.12.2010
Malwarebytes' Anti-Malware 1.50
Malwarebytes Datenbank Version: 5351
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
19.12.2010 19:53:29
mbam-log-2010-12-19 (19-53-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 287170
Laufzeit: 30 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
29.12.2010, 21:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox switches to other pages, plus logfile from otl.exe Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when an expert helper has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
29.12.2010, 23:12 | #9 |
| Firefox switches to other pages, plus logfile from otl.exe my Cofi.exe logfile Combofix Logfile: Code:
ATTFilter ComboFix 10-12-29.01 - bohl 29.12.2010 23:00:06.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.2733 [GMT 1:00] ausgeführt von:: c:\users\xxxx\Downloads\cofi.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll G:\WinRAR.exe ----- BITS: Eventuell infizierte Webseiten ----- hxxp://buy-download.norton.com . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_npf ((((((((((((((((((((((( Dateien erstellt von 2010-11-28 bis 2010-12-29 )))))))))))))))))))))))))))))) . 2010-12-29 22:03 . 2010-12-29 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-29 22:03 . 2010-12-29 22:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2010-12-29 21:20 . 2010-12-29 21:20 -------- d-----w- c:\users\bohl\AppData\Roaming\COMPUTERBILD-Abzockschutz 2010-12-28 22:56 . 2010-12-28 22:56 -------- d-----w- C:\_OTL 2010-12-22 21:55 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll 2010-12-22 21:54 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll 2010-12-22 21:54 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll 2010-12-22 21:53 . 
2007-05-16 15:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll 2010-12-22 18:27 . 2010-12-22 18:27 -------- d-----w- c:\program files (x86)\Secunia 2010-12-22 18:15 . 2010-12-22 18:15 -------- d-----w- c:\users\bohl\AppData\Local\Secunia PSI 2010-12-22 18:15 . 2010-12-22 18:26 -------- d-----w- c:\users\bohl\PSI 2010-12-22 13:24 . 2010-12-22 13:24 -------- d-----w- c:\users\bohl\AppData\Roaming\DVDVideoSoft 2010-12-22 12:36 . 2010-12-22 12:36 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2010-12-22 12:36 . 2010-12-22 12:37 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2010-12-22 12:28 . 2010-12-22 12:28 -------- d-----w- c:\program files\WinPcap 2010-12-21 20:32 . 2010-12-21 20:32 -------- d-----w- c:\program files (x86)\Astonsoft 2010-12-21 20:26 . 2010-12-21 20:26 -------- d-----w- c:\users\bohl\AppData\Local\CrashDumps 2010-12-21 20:24 . 2010-12-21 20:27 -------- d-----w- c:\users\bohl\AppData\Roaming\DeepBurner 2010-12-21 16:24 . 2010-12-21 16:24 -------- d-----w- c:\users\bohl\AppData\Roaming\Ashampoo 2010-12-21 16:21 . 2010-12-21 16:21 -------- d-----w- c:\users\bohl\AppData\Local\ashampoo 2010-12-21 16:21 . 2010-12-21 16:21 -------- d-----w- c:\programdata\ashampoo 2010-12-20 23:29 . 2010-12-20 23:29 -------- d-----w- c:\programdata\Recovery 2010-12-19 22:18 . 2010-12-19 22:18 -------- d-----w- c:\program files (x86)\COMPUTERBILD-Abzockschutz 2010-12-19 20:26 . 2010-12-19 20:26 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2010-12-19 18:08 . 2010-12-19 18:08 -------- d-----w- c:\program files\Symantec 2010-12-19 18:07 . 2010-12-19 18:07 -------- d-----w- c:\program files (x86)\Norton Internet Security 2010-12-19 18:07 . 2010-12-19 18:07 -------- d-----w- c:\program files (x86)\NortonInstaller 2010-12-19 17:06 . 2010-12-19 17:25 -------- d-----w- c:\program files (x86)\Norton 360 2010-12-19 17:04 . 2010-12-19 17:04 -------- d-----w- c:\programdata\PCSettings 2010-12-19 13:35 . 
2010-12-19 13:35 -------- d---a-w- c:\windows\VDLL.DLL 2010-12-19 13:35 . 2010-12-19 13:35 -------- d---a-w- c:\windows\SysWow64\runouce.exe 2010-12-19 13:35 . 2010-12-19 13:35 -------- d---a-w- c:\windows\rundll16.exe 2010-12-19 13:35 . 2010-12-19 13:35 -------- d---a-w- c:\windows\RUNDL132.EXE 2010-12-19 13:35 . 2010-12-19 13:35 -------- d---a-w- c:\windows\logo1_.exe 2010-12-19 13:35 . 2010-12-19 13:35 -------- d---a-w- c:\windows\logo_1.exe 2010-12-19 13:34 . 2010-12-19 13:34 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld 2010-12-19 13:34 . 2010-12-19 13:34 -------- d-----w- c:\programdata\MicroWorld 2010-12-15 16:52 . 2010-12-15 16:52 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC} 2010-12-07 19:28 . 2010-12-29 21:24 -------- d-----w- c:\program files\CCleaner 2010-12-06 20:14 . 2010-12-06 20:14 -------- d-----w- c:\windows\Sun 2010-12-02 21:38 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2010-12-02 20:55 . 2010-12-02 20:55 388096 ----a-r- c:\users\bohl\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-27 16:47 . 2010-07-07 17:38 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-12-20 17:09 . 2010-10-22 18:36 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-11-12 17:53 . 2010-10-16 19:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-10-27 12:28 . 2010-12-15 16:58 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe 2010-10-08 00:12 . 2010-11-21 23:44 8006480 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A314095-D177-42AE-9366-0108A9D2B09B}\mpengine.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" R2 ezSharedSvc;Easybits Services for Windows; [x] R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [2010-06-13 450096] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [2010-07-29 821808] S1 
BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101228.001\IDSvia64.sys [2010-11-09 476792] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [2010-06-27 168496] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [2010-07-13 381488] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-10 202752] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-10 6403072] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-10 188928] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-19 132656] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] . Inhalt des "geplante Tasks" Ordners 2010-12-29 c:\windows\Tasks\HPCeeScheduleForbohl.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\cofi\CF190.cfxxe" [X] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.osthessennews.de/ mStart Page = mLocal Page = IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\users\bohl\AppData\Roaming\Mozilla\Firefox\Profiles\up0egl02.default\ FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - g:\mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe g:\cdburnerxp\NMSAccessU.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2010-12-29 23:08:50 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-12-29 22:08 ComboFix2.txt 2010-12-19 16:28 Vor Suchlauf: 11 Verzeichnis(se), 319.943.331.840 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 319.439.028.224 Bytes frei - - End Of File - - 5B12D1CE7FF405FEDF7F77C8AC4DF535 |
30.12.2010, 10:52 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox switches to other pages, plus logfile from otl.exe Quote:
__________________ Please always post logfiles in CODE tags |
30.12.2010, 12:34 | #11 |
| Firefox switches to other pages, plus logfile from otl.exe I have now uninstalled Norton with norton-removal, disabled Windows Defender, and installed Avira Antivir instead. Windows Firewall is enabled; if that is wrong, please let me know here, since I actually already have a firewall via the Fritzbox. And many thanks for everything so far |
30.12.2010, 12:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox switches to other pages, plus log file from otl.exe That is fine. OK. Now please create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |
30.12.2010, 12:42 | #13 |
| Firefox switches to other pages, plus log file from otl.exe My log file from MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: FOXCONN
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Hewlett-Packard
System Product Name: G5126de
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 178):
Processes (total 55):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ab`95800000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000057`07200000 (NTFS)
PhysicalDrive0 Model Number: ST3750528AS, Rev: HP34
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
30.12.2010, 13:08 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox switches to other pages, plus log file from otl.exe Quote:
__________________ Please always post log files in CODE tags |
30.12.2010, 13:46 | #15 |
| Firefox switches to other pages, plus log file from otl.exe No, unfortunately only a self-made recovery CD that I burned myself right after the purchase, since the PC came without a CD when I bought it. |