
Pests of all kinds and how to combat them: Antimalware Doctor + "the computer will be shut down in one minute"


26.08.2010, 18:26   #1
Jan75
 



Hi, I have caught Antimalware Doctor.
I have already followed your instructions from various posts, and antimalware no longer finds anything either. The doc's icon and window have disappeared, but whenever I run Vista normally the window always pops up and the computer is shut down. Is this a different problem, or is it still the doc?
Thanks

OTL log:
Code:
OTL Extras logfile created on: 26.08.2010 20:13:45 - Run 4
OTL by OldTimer - Version 3.2.1.2     Folder = J:\
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,83 Gb Total Space | 7,82 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 5,61 Gb Free Space | 22,98% Space Free | Partition Type: NTFS
Drive E: | 157,38 Gb Total Space | 13,50 Gb Free Space | 8,58% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 980,72 Mb Total Space | 187,84 Mb Free Space | 19,15% Space Free | Partition Type: FAT
Drive L: | 465,75 Gb Total Space | 54,85 Gb Free Space | 11,78% Space Free | Partition Type: NTFS
 
Computer Name: J
Current User Name: J
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036D1503-81D1-451A-958D-9893E85ADD26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1440EC08-3FBC-4528-A668-65BD0863B0D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2113DAF8-7675-486A-8CE1-91C4A678EE11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{2233E7E3-78F4-4EF3-A366-F5E4FDBD24C0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{23F8D42B-EB53-40D9-AFB2-BAC176FB0473}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{250CE496-D707-4B67-882E-B68F61084629}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34F9D6EE-08BA-4992-9182-A53A63415A4F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{384B48B8-EBA6-4384-940D-94FE9629C6B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38B92889-AA0C-4346-9359-292561205422}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3C44B8AB-8CE7-488D-A14B-DA8E7DA59E07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3FC82D56-1AAC-470A-9073-6DDBCE187420}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{500A0EAF-9609-4775-8A6C-628502313220}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{511D814D-7BE0-41BE-A821-A62733DC5153}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5897B49C-6B33-47FF-9B22-0303915F9E1D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5A4433F4-7C32-4132-8375-D61D12C82B22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B4BF945-35E4-4133-AC95-6A91A9561960}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{70B8E539-BC86-4DAE-AC19-B4D9323493B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7289A26D-CC04-4F13-A325-27F9917480F3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75A73D45-C4FE-412C-906D-70C7E4D89BA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79CFC644-CDE9-4B95-A968-76C655879748}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8666CEAF-2E19-4584-934E-6796364B767D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{96042448-B308-45DF-918E-9F6396C227A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{97C0A754-9417-4DEE-8096-1D0AC28F856D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{9C4248F2-39F1-4AD1-A0E2-9DC7D3C66DF7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EDC4691-E30E-4873-94D2-702FE0332477}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{9F7CEB83-BFBE-4A2E-A555-799B64DC803C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A0795B77-67AD-4737-B89D-6BE998E773ED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1550EDF-D237-42A1-A13A-A009B0469380}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A5EE3B7B-A9B1-4F27-879E-79B4BEE121C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AABD128D-FEC9-466B-93B0-A82885A99C8C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB90CA5B-8D5E-4C59-B21E-07761F3BD711}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC127C63-4063-4BAD-BDEF-1A7774CA8AF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B30E17E2-9B1B-4672-B193-337F719A517E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B5545E36-1DD8-4CD2-B965-1988603E4964}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BBB8ED27-01F0-411E-8793-85E4D9AA5633}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD94A852-5998-4804-954E-10CE0418431B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CF07D48E-3C9C-4ED6-99BD-79E040E05A20}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D46CB072-1BE3-41AA-AC9F-CF7BD6EBCE3D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D54682F8-06E4-4143-B94A-25A8EE8467E2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D7AED66A-AA26-4BB2-8B24-C0E8867D8E31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EF850CDC-0FC4-4B38-9BE0-8206E62785C2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F0041BB1-A57F-4084-90D7-F9A3AA638DDB}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{F1F2BD8C-42AC-4889-B2BA-C9E224610349}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000764AA-91DA-49D5-9FC0-9051A97743D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{02126EAC-67F0-4A2E-9F58-E49D00DDBE52}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{0E7E3FC2-70E0-4C56-94F6-A78AD4AFB101}" = protocol=17 | dir=in | app=e:\games\demigod\stardock games\demigod\bin\demigod.exe | 
"{13170BF1-35B1-4E67-ADA8-7C6B34B3E059}" = protocol=17 | dir=in | app=e:\games\ac2\assassinscreedii.exe | 
"{141B8E4B-6EA8-4B02-8199-4AAC32479682}" = protocol=6 | dir=in | app=e:\games\hawx\hawx.exe | 
"{14270563-A9C8-479A-AE35-E108EC58095E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{15AE5910-67D7-48BD-8391-AB072582464B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1631E23E-C585-4547-9B66-A728B0A43868}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{1913D62A-DE5D-4F1D-A2A0-4B46E6409F09}" = protocol=17 | dir=in | app=e:\games\hawx\hawx_dx10.exe | 
"{1BFA6F11-06DB-4EA6-9DA1-9B32FE606E4A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1FD9EF68-56DC-4160-87AD-F117A860DEF1}" = protocol=6 | dir=in | app=e:\games\crysis\bin32\crysis.exe | 
"{2653F941-635D-49BF-AA93-B3DB232357C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{270D6DB5-F21F-443A-B8F0-7732ADE340C3}" = protocol=6 | dir=in | app=e:\bfbcbeta\bfbc2betaupdater.exe | 
"{272368F9-15B3-49EE-9D8F-B22FA8CBD35C}" = protocol=17 | dir=in | app=e:\games\ac2\assassinscreediigame.exe | 
"{28A8FA27-8E7E-4641-88AB-CE5C68734B30}" = protocol=6 | dir=in | app=e:\games\overlord2\overlord2.exe | 
"{2C62B3B0-CF80-41D7-96FA-2A1DA0AAD038}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2EEB6352-C62D-4F6C-92E1-5BB5F2690139}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{2FC58807-8895-4A3D-BE1B-46266E535BF4}" = protocol=6 | dir=out | app=system | 
"{3203133D-8148-450C-84A1-FCEB39967028}" = protocol=6 | dir=in | app=e:\games\frontlines\binaries\ffow.exe | 
"{3284E3B4-2D21-4B2B-8D0E-99A0862DB095}" = protocol=6 | dir=in | app=e:\games\ac2\uplaybrowser.exe | 
"{33FE3D85-AD12-4D3B-A7D1-7BF7D1703163}" = protocol=17 | dir=in | app=e:\games\guerllia\rfg.exe | 
"{3440B99D-A37B-43AA-A08D-776D2A779FF3}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe | 
"{35032DD8-AC1B-4251-B39B-2616FEECF576}" = protocol=17 | dir=in | app=e:\games\cod4\iw3mp.exe | 
"{358EDB64-D377-4D8E-BD02-EE8011728C01}" = protocol=6 | dir=out | app=system | 
"{39B205EA-79CE-4EB5-8E96-B5764A36046B}" = protocol=17 | dir=in | app=e:\games\frontlines\binaries\ffow.exe | 
"{39B6E018-03CB-473E-854E-AECC937659A7}" = protocol=6 | dir=in | app=e:\games\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{3A8F5821-FEBC-4C39-AD07-7BE869C7084D}" = protocol=17 | dir=in | app=e:\games\sf 4\streetfighteriv.exe | 
"{3B305789-DE47-4823-90B7-765B140D6B37}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | 
"{3D85EC3E-4EA8-49E1-8794-62DBCE2BC7F7}" = protocol=6 | dir=in | app=e:\games\farcry2\far cry 2\bin\fc2launcher.exe | 
"{3E445B6C-CEB1-4B6A-9A49-7C464B446844}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{401D906F-5F81-46EF-8A01-3248C8BE3012}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{42C0AE99-4802-44A3-82D4-850B10F1B7BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{431BB020-7FF4-44A9-9D0B-6DBD036D8457}" = protocol=17 | dir=in | app=e:\games\assassins creed\assassinscreed_launcher.exe | 
"{448E172D-CE91-4CFB-B069-920DA4309E7B}" = protocol=6 | dir=in | app=e:\games\ac2\assassinscreedii.exe | 
"{451428C8-12BA-4D66-BB92-2525865A3D02}" = protocol=6 | dir=in | app=e:\games\farcry2\far cry 2\bin\fc2editor.exe | 
"{454E8A7F-F5B3-4B64-BB89-F7E86BE7687E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{47D4F779-99C3-425B-B6EB-90FA607ED227}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4844F2F2-078A-4F94-9D15-2D821ADE631F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{4C6D4888-B8BD-4311-B4CF-6286B7AF7DA0}" = protocol=6 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe | 
"{4F134C27-3AF0-4EFD-BBBB-97DFDAF53CBE}" = protocol=6 | dir=in | app=e:\games\darksector\ds.exe | 
"{502215B2-0A33-4BBE-858F-F21647950029}" = protocol=6 | dir=in | app=e:\games\assassins creed\assassinscreed_dx10.exe | 
"{54AFDC86-9B13-49EC-BB72-93BA284AC1D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{56E56616-CB96-4268-AF24-55AE031FB2D8}" = protocol=17 | dir=in | app=e:\games\civ4\beyond the sword\civ4beyondsword.exe | 
"{5AE5528B-53DC-4360-8F7B-59068EF4058E}" = protocol=17 | dir=in | app=e:\games\farcry2\far cry 2\bin\farcry2.exe | 
"{5CACAF03-68C5-4D79-90AD-CF2FE6540C94}" = protocol=6 | dir=in | app=e:\games\bioshock2\mp\builds\binaries\bioshock2.exe | 
"{60B1054E-099E-41A0-AE21-D5BB2D428518}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{661C3F12-1D31-486C-B76D-FF017A5518C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67E7139E-827B-43B8-9278-B1D6F2E1AB29}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{69405A13-988E-46DB-A36D-B4F59E9ECC63}" = protocol=17 | dir=in | app=e:\games\bioshock2\mp\builds\binaries\bioshock2.exe | 
"{69F81005-3FEA-4A05-93AC-F554FA40C38C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{6A950D7F-2EF6-49C7-9947-FA216C7474DC}" = protocol=6 | dir=in | app=e:\games\civ4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{6CFE54FB-862A-4C97-8770-446C13084FCB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6D2A7C0F-DA10-4E39-B466-61CB3C383E8B}" = protocol=17 | dir=in | app=e:\games\crysis\bin32\crysisdedicatedserver.exe | 
"{6E128833-C1F5-48C0-B1AC-0F0AA09F815E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{718AB4BD-06E5-498F-95DE-E59CAD89B29B}" = protocol=17 | dir=in | app=e:\bfbcbeta\bfbc2betaupdater.exe | 
"{7C371350-FB48-4FD5-AC65-7B9A2E91B52B}" = protocol=17 | dir=in | app=e:\games\ac2\uplaybrowser.exe | 
"{7DD42507-B2D5-42E4-AB5A-7B96EF69EBBF}" = protocol=6 | dir=in | app=e:\games\assassins creed\assassinscreed_dx9.exe | 
"{82BC9755-B9AC-4AE1-A446-BC1055B29549}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{846546D3-8998-413B-8CD6-37353B6FE690}" = protocol=17 | dir=in | app=e:\games\vegas2\binaries\r6vegas2_game.exe | 
"{86087CA9-CDC0-4BC2-AB06-FC370A4D0FAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8609F1BE-26BA-4C53-AF2F-3635B732B8F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8A3C1664-B703-4B96-BB3F-E07070D01EF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AEF27C5-546E-4E95-A7ED-A8D1B6D625F3}" = protocol=6 | dir=in | app=e:\games\sf 4\streetfighteriv.exe | 
"{8C4A7D94-B2D5-4766-AFD6-D0CD85452901}" = protocol=17 | dir=in | app=e:\games\bioshock2\sp\builds\binaries\bioshock2.exe | 
"{8CCF5727-927A-4298-99B3-37F2677E9AC4}" = protocol=6 | dir=in | app=e:\games\vegas2\binaries\r6vegas2_launcher.exe | 
"{8E427178-A949-494C-8525-6F9B294981C8}" = protocol=6 | dir=in | app=e:\games\bioshock2\sp\builds\binaries\bioshock2.exe | 
"{8F279C42-14E6-4204-A3FB-B4AC6686557D}" = protocol=6 | dir=in | app=e:\games\badcompany\bfbc2updater.exe | 
"{941B4A15-5DEC-43F4-AC1D-0730E920E168}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{95D4A90B-4756-4B69-9EB5-AE7B0CC21CCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{972EEE2E-B745-4C57-B9AF-049B8BD60474}" = protocol=17 | dir=in | app=e:\games\civ4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{991E79A2-B871-433F-A534-80EDDFB76550}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{99F53CF7-00CC-4F96-9741-F1FE51832D60}" = protocol=17 | dir=in | app=e:\games\assassins creed\assassinscreed_dx10.exe | 
"{9B4A5777-5439-44C5-A7C5-87A9E8C10D30}" = protocol=17 | dir=in | app=e:\games\farcry2\far cry 2\bin\fc2launcher.exe | 
"{9B7BB8A9-2C9D-4C0A-A270-BA2FDC24E666}" = protocol=6 | dir=in | app=e:\games\ut3\binaries\ut3.exe | 
"{A37A87C8-2639-4BA6-926E-012DDE964FE5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{A3B72FD3-AEE5-42BE-BCB9-1A921735A123}" = protocol=17 | dir=in | app=e:\games\crysis\bin32\crysis.exe | 
"{A530C21D-436D-4DE8-977C-22B8E1F0A11C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{A64E8B61-B91B-413D-AACF-FB137CC26F99}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | 
"{A7B40284-767F-4787-BEEB-D748047D0A87}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A826A76F-F3C4-4216-BE22-8F3D38A94504}" = protocol=6 | dir=in | app=e:\games\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{A934E84C-3251-4021-BA1A-ECF76EB46FAA}" = protocol=6 | dir=in | app=e:\games\guerllia\rfg.exe | 
"{AAC1D914-1AE6-4084-BDB8-6FCB377632BC}" = protocol=6 | dir=in | app=e:\games\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{AD53BAF6-9BB8-4D04-A803-969133ED6E61}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{B0B49E55-C082-44DD-BD46-5CE4CDC0A92A}" = protocol=17 | dir=in | app=e:\steam\steamapps\jerichoseven\counter-strike source\hl2.exe | 
"{B4FA7DF9-B3E0-4957-B766-8DD103F1D175}" = protocol=17 | dir=in | app=e:\games\ut3\binaries\ut3.exe | 
"{B555E16B-F022-4C90-9837-0ED0D3F74579}" = protocol=6 | dir=in | app=e:\steam\steamapps\jerichoseven\counter-strike source\hl2.exe | 
"{B8EC2E2B-163A-4AED-8E3B-D98AC068BDA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBA46115-D829-4E59-BD78-471C9373BB6A}" = protocol=17 | dir=in | app=e:\games\farcry2\far cry 2\bin\fc2editor.exe | 
"{BD27E507-FDFA-4D10-AF8D-1763B1114058}" = protocol=6 | dir=in | app=e:\games\civ4\beyond the sword\civ4beyondsword.exe | 
"{C1C54C0F-2813-41A8-A9E9-D484B8F6D0D4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{C3202F9D-E9D8-40B5-8D6E-43ACD7E7C2DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5756BD5-89A0-4E70-B68E-2E4CBC87C479}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C7898F9A-F896-4A80-B428-0478688CE95A}" = protocol=6 | dir=in | app=e:\games\assassins creed\assassinscreed_launcher.exe | 
"{C9003DF7-9638-41E7-BB87-451A0AFC50C6}" = protocol=17 | dir=in | app=e:\games\darksector\ds.exe | 
"{CC396843-6762-490D-8C9B-607D79C97D37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CED7F3B2-D89F-4F90-84B8-15C762D4DF14}" = protocol=17 | dir=in | app=e:\games\vegas2\binaries\r6vegas2_launcher.exe | 
"{D114A282-8AC9-46CC-88F0-272738876447}" = protocol=17 | dir=in | app=e:\games\badcompany\bfbc2updater.exe | 
"{D1896E5C-6B6E-4C6B-8188-0461B097C02F}" = protocol=6 | dir=in | app=e:\games\farcry2\far cry 2\bin\farcry2.exe | 
"{D1BEBF56-88A3-49E2-80F0-D6A3450C69A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D4B9BC14-662A-4D56-8551-756879BDA684}" = protocol=17 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe | 
"{D6DB689C-9F83-4910-ADD9-745ABEAFFFE3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{D8987E2F-86A2-4CF4-A1BD-9B26EB40EA50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DC6E9D6F-F9A1-48C9-8CB0-A5E0E4861234}" = protocol=6 | dir=in | app=e:\games\cod4\iw3mp.exe | 
"{DCF54382-C012-4C4D-83CE-FB0A9AC1A7C6}" = protocol=6 | dir=in | app=e:\games\majesty 2\majesty2.exe | 
"{DDC753FD-3726-4A0D-917B-DBC33773A3BA}" = protocol=6 | dir=in | app=e:\games\ac2\assassinscreediigame.exe | 
"{DFDC66F2-4AB0-49F2-A2A0-9DE02C39FAD7}" = protocol=6 | dir=in | app=e:\games\hawx\hawx_dx10.exe | 
"{E09CE4A8-338E-451E-BE52-1FF520BF8135}" = protocol=17 | dir=in | app=e:\games\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{E22D3BC7-8A9D-4364-8099-E7EE3C6487EA}" = protocol=17 | dir=in | app=e:\games\assassins creed\assassinscreed_dx9.exe | 
"{E24B8AF8-1505-4049-998D-6400FDB9CB9B}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{EB96EFDA-8B44-426A-9FAF-F2E7B2D9FE85}" = protocol=17 | dir=in | app=e:\games\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{EC28D84B-2D44-4819-A90B-1D6ADC73B5A9}" = protocol=17 | dir=in | app=e:\games\majesty 2\majesty2.exe | 
"{EDE16812-0402-43D9-870A-ED851ADB01DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{EEA2EFF4-2443-4BA4-8E66-8C7B36EECEFE}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe | 
"{EF460F69-4A5C-4C9E-B03F-D3EFB1808AA5}" = protocol=17 | dir=in | app=e:\games\overlord2\overlord2.exe | 
"{F33026FD-20EB-412C-80E2-CDBBC96A3CC1}" = protocol=6 | dir=in | app=e:\games\crysis\bin32\crysisdedicatedserver.exe | 
"{F3C119E3-CA32-4702-8E04-300DBCBF091F}" = protocol=6 | dir=in | app=e:\games\vegas2\binaries\r6vegas2_game.exe | 
"{F6F93D84-B00D-4399-926D-E485A10FA8C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F7D99BE6-F77B-4614-9C86-6F51ABA9CFDF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FADBE423-E882-4CD2-8130-AB801CACAB2A}" = protocol=6 | dir=in | app=e:\games\demigod\stardock games\demigod\bin\demigod.exe | 
"{FCF273FA-8E92-444C-A310-0E0A2F08ABC4}" = protocol=17 | dir=in | app=e:\games\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{FF606AC6-C673-47D0-9B2A-224640D14567}" = protocol=17 | dir=in | app=e:\games\hawx\hawx.exe | 
"{FFFFBB80-709C-449B-AE2C-F0237368F652}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{0CD38C8E-2E05-4514-AF20-AC96517225AD}J:\emule2\emule applejuice\emule.exe" = protocol=6 | dir=in | app=j:\emule2\emule applejuice\emule.exe | 
"TCP Query User{31ADB512-D911-46E2-A145-CB290AD853A6}E:\games\poc\poc2008\poc3d2008.exe" = protocol=6 | dir=in | app=e:\games\poc\poc2008\poc3d2008.exe | 
"TCP Query User{4E1AD516-2AEF-44B5-B58A-E5D01E1F66F6}E:\games\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=e:\games\crysis\bin32\crysis.exe | 
"TCP Query User{4F8381DB-EDC9-43C4-AF0A-AC03B1B4EF5E}E:\games\vegas2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=e:\games\vegas2\binaries\r6vegas2_game.exe | 
"TCP Query User{513E8112-8B36-415D-A291-59AF07A1D7FF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{77F7BAB6-1CCA-4A3C-A9A6-B8577A0A98A8}J:\emule applejuice\emule.exe" = protocol=6 | dir=in | app=j:\emule applejuice\emule.exe | 
"TCP Query User{8F2AB37B-9306-4CEA-93AF-8210BE117BB8}J:\esel6\emule applejuice\emule.exe" = protocol=6 | dir=in | app=j:\esel6\emule applejuice\emule.exe | 
"TCP Query User{B0328DB5-2D26-49C8-AE94-EA025F36BF71}G:\emule.v0.48a.applejuice.v2.3.2.bin\emule applejuice\emule.exe" = protocol=6 | dir=in | app=g:\emule.v0.48a.applejuice.v2.3.2.bin\emule applejuice\emule.exe | 
"TCP Query User{BC3FD43A-3630-4294-AA5D-B6CDC881F0D1}J:\emule applejuice\emule.exe" = protocol=6 | dir=in | app=j:\emule applejuice\emule.exe | 
"TCP Query User{C6453C8A-AB3A-41D7-BE44-6AEB2D7F0A03}E:\games\cod4\iw3mp.exe" = protocol=6 | dir=in | app=e:\games\cod4\iw3mp.exe | 
"TCP Query User{ED0B29DD-CEA3-41A2-A0E4-F3E9A1D6156F}J:\emule2\emule applejuice\emule.exe" = protocol=6 | dir=in | app=j:\emule2\emule applejuice\emule.exe | 
"TCP Query User{FD65CDBF-E62C-46C0-A8AF-B7BEA4C4058E}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{071DF5EB-41DA-49CC-83AE-B90C17F091E8}J:\emule applejuice\emule.exe" = protocol=17 | dir=in | app=j:\emule applejuice\emule.exe | 
"UDP Query User{0A48C6A8-36E3-47B9-8D7E-D0F41E578EBD}E:\games\cod4\iw3mp.exe" = protocol=17 | dir=in | app=e:\games\cod4\iw3mp.exe | 
"UDP Query User{0C28C65D-96D0-44E3-92A7-4A1F2FDAAC6B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{11B1547C-C515-41B3-8397-2596D5D18142}J:\emule2\emule applejuice\emule.exe" = protocol=17 | dir=in | app=j:\emule2\emule applejuice\emule.exe | 
"UDP Query User{29094616-2A7F-4324-8C4E-27A768D28674}J:\emule applejuice\emule.exe" = protocol=17 | dir=in | app=j:\emule applejuice\emule.exe | 
"UDP Query User{42336F3B-5DDE-40D1-BDA7-37A8BD6B9DE3}J:\esel6\emule applejuice\emule.exe" = protocol=17 | dir=in | app=j:\esel6\emule applejuice\emule.exe | 
"UDP Query User{43AE5B95-90CA-4B0D-8456-90A222F7A78E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{665DF6E9-473C-4C5F-A4D4-775172BAF1F3}E:\games\vegas2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=e:\games\vegas2\binaries\r6vegas2_game.exe | 
"UDP Query User{7B1AF3E4-3627-440F-B8BB-4DC08CC092C2}J:\emule2\emule applejuice\emule.exe" = protocol=17 | dir=in | app=j:\emule2\emule applejuice\emule.exe | 
"UDP Query User{9DC1E129-F2A7-4C9A-B4C2-F1CA29C8840A}G:\emule.v0.48a.applejuice.v2.3.2.bin\emule applejuice\emule.exe" = protocol=17 | dir=in | app=g:\emule.v0.48a.applejuice.v2.3.2.bin\emule applejuice\emule.exe | 
"UDP Query User{D2170AFF-48A3-4C58-8A53-AF17FDE44D43}E:\games\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=e:\games\crysis\bin32\crysis.exe | 
"UDP Query User{FCEF2306-31DA-492F-B0DF-6E0B05B1AD1A}E:\games\poc\poc2008\poc3d2008.exe" = protocol=17 | dir=in | app=e:\games\poc\poc2008\poc3d2008.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0101386E-6E51-4544-A66E-26FA06FF1776}" = Heroes Over Europe
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risiko II
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84559422-6e39-4608-8cd1-b43411ad9a7c}" = Nero 9
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B6E3A14-8D76-48B0-A049-782B493723FD}" = Dark Sector
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C489B6E0-56CB-4B0F-B2E6-FF4C3D9FAE4F}" = TMPGEnc Plus 2.5
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4FEA244-A9BC-4727-8EA9-B369579F43CF}" = Turning Point - Fall of Liberty
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.5.315
"{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}" = Heroes of Might and Magic V Collector Edition
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9E4BB29-FA98-401B-9EDE-9906906E33DE}" = Paragon Festplatten Manager 2008 Suite
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20
"File Recover_is1" = File Recover 7.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Impulse" = Impulse
"Indeo® software" = Indeo® software
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C489B6E0-56CB-4B0F-B2E6-FF4C3D9FAE4F}" = TMPGEnc Plus 2.5
"InstallShield_{D4FEA244-A9BC-4727-8EA9-B369579F43CF}" = Turning Point - Fall of Liberty
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"IsoBuster_is1" = IsoBuster 2.3
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Video deluxe 2008 e-version D" = MAGIX Video deluxe 2008 e-version 7.5.1.6 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nikon FotoShare" = Nikon FotoShare
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.06
"Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 10601" = Empire: Total War - Dahomey Amazons Unit
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"UseNeXT_is1" = UseNeXT
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"XviD_is1" = XviD MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EpyxWinterGames" = EpyxWinterGames
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2010 05:45:39 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 18.02.2010 06:18:39 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 19.02.2010 09:02:33 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 19.02.2010 13:21:12 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 20.02.2010 10:55:52 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 20.02.2010 19:00:01 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 21.02.2010 13:52:47 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 22.02.2010 16:57:28 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 23.02.2010 12:33:34 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
Error - 24.02.2010 14:15:51 | Computer Name = Jerichos | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 01.03.2008 19:38:30 | Computer Name = Jerichos | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 02.03.2008 17:26:06 | Computer Name = Jerichos | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 26.08.2010 12:59:20 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.08.2010 12:59:20 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.08.2010 12:59:20 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.08.2010 12:59:20 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.08.2010 12:59:20 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.08.2010 12:59:20 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.08.2010 12:59:20 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.08.2010 13:05:05 | Computer Name = Jerichos | Source = DCOM | ID = 10005
Description = 
 
Error - 26.08.2010 13:05:06 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.08.2010 13:05:08 | Computer Name = Jerichos | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 26.08.2010 20:13:45 - Run 4
OTL by OldTimer - Version 3.2.1.2     Folder = J:\
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,83 Gb Total Space | 7,82 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 5,61 Gb Free Space | 22,98% Space Free | Partition Type: NTFS
Drive E: | 157,38 Gb Total Space | 13,50 Gb Free Space | 8,58% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 980,72 Mb Total Space | 187,84 Mb Free Space | 19,15% Space Free | Partition Type: FAT
Drive L: | 465,75 Gb Total Space | 54,85 Gb Free Space | 11,78% Space Free | Partition Type: NTFS
 
Computer Name: *******
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.25 22:41:24 | 000,562,176 | ---- | M] (OldTimer Tools) -- J:\lichtinsdunkel.exe
PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.01 13:37:36 | 000,433,832 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2010.02.22 11:45:54 | 000,390,824 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.25 22:41:24 | 000,562,176 | ---- | M] (OldTimer Tools) -- J:\lichtinsdunkel.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.01 13:33:16 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.02.24 10:28:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.11.01 11:15:04 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.08.17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.01.31 21:21:04 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.16 19:02:33 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.09.04 06:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.03.29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.03.01 10:05:20 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.17 00:57:00 | 009,545,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.10 23:07:19 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.10 23:07:19 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.01.31 21:21:04 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008.04.16 18:37:56 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.02.29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.23 18:36:26 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.01.25 11:12:34 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2008.01.24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008.01.24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008.01.24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008.01.24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007.12.17 17:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.12.06 10:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.30 20:05:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32)
DRV - [2007.09.04 17:57:32 | 000,131,736 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007.09.04 17:57:32 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007.09.04 17:57:32 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2007.05.02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007.02.05 10:10:34 | 001,122,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.18 13:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.03.04 05:39:20 | 000,339,776 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111nd5.sys -- (wg111nd5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010.06.08 19:15:10 | 000,404,967 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 14008 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: J:\sonstiges\dbs1_1024_30bf851a-86cb-4e62-b61d-896cae98add9.jpg
O24 - Desktop BackupWallPaper: J:\sonstiges\dbs1_1024_30bf851a-86cb-4e62-b61d-896cae98add9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.10.25 13:37:39 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.02.23 22:55:05 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
O33 - MountPoints2\{80948594-8113-11de-a4ad-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{80948594-8113-11de-a4ad-0017318ae84c}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8522afe4-e237-11dc-a711-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{8522afe4-e237-11dc-a711-0017318ae84c}\Shell\AutoRun\command - "" = H:\SetupLauncher.exe -- File not found
O33 - MountPoints2\{8522afe6-e237-11dc-a711-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{8522afe6-e237-11dc-a711-0017318ae84c}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\{96ea3784-4360-11dd-a2be-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{96ea3784-4360-11dd-a2be-0017318ae84c}\Shell\AutoRun\command - "" = L:\start.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.26 16:24:17 | 000,000,000 | ---D | C] -- C:\Users\Jericho\AppData\Roaming\Avira
[2010.08.26 16:23:54 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.26 16:23:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.26 16:23:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.26 16:23:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.26 16:23:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.26 16:23:53 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.08.26 16:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.26 15:36:30 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.08.26 15:36:30 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.08.26 15:36:30 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.08.26 15:36:16 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.08.26 15:36:16 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.08.26 15:36:15 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.08.26 15:36:15 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.08.26 15:36:14 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.08.26 15:36:10 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.08.26 15:36:10 | 000,000,000 | ---D | C] -- C:\Users\Jericho\AppData\Roaming\PC Tools
[2010.08.26 15:36:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.08.26 15:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.08.25 22:12:46 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.25 21:54:40 | 000,000,000 | ---D | C] -- C:\Users\Jericho\AppData\Roaming\Malwarebytes
[2010.08.25 21:54:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.25 21:54:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.25 21:54:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.25 21:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.25 21:37:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.08.25 21:04:19 | 000,198,144 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Fxukyb.exe
[2010.08.25 21:01:33 | 000,198,144 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Fxukya.exe
[2010.08.25 21:00:49 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.08.25 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jericho\AppData\Roaming\EA86D57A04E14FD6D5AB92B418AA0A4A
[2010.08.16 20:04:20 | 000,000,000 | ---D | C] -- C:\Programme\MegaDev
[2010.08.11 17:20:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.08.11 17:20:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.08.11 17:20:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.08.11 17:16:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 17:16:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 17:16:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 17:16:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 17:16:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 17:16:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 17:16:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 17:16:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 17:16:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 17:16:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 17:16:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 17:16:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 17:16:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 17:16:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 17:16:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 17:15:55 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.11 17:15:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.08.11 17:15:50 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 17:15:50 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 17:15:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 17:15:44 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 17:15:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.08.11 17:15:36 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.10 16:53:20 | 000,000,000 | ---D | C] -- C:\Users\Jericho\Documents\My Games
[2010.02.28 17:51:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jericho\AppData\Roaming\pcouffin.sys
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.26 20:14:15 | 000,782,848 | ---- | M] () -- C:\Windows\System32\drivers\qaaruple.sys
[2010.08.26 20:13:44 | 023,068,672 | -HS- | M] () -- C:\Users\Jericho\ntuser.dat
[2010.08.26 18:58:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.26 18:57:52 | 000,775,139 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.08.26 18:56:41 | 000,524,288 | -HS- | M] () -- C:\Users\Jericho\ntuser.dat{8522b2b8-e237-11dc-a711-0017318ae84c}.TMContainer00000000000000000001.regtrans-ms
[2010.08.26 18:56:41 | 000,065,536 | -HS- | M] () -- C:\Users\Jericho\ntuser.dat{8522b2b8-e237-11dc-a711-0017318ae84c}.TM.blf
[2010.08.26 18:56:12 | 000,033,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.26 18:56:12 | 000,033,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.26 18:55:40 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.26 18:55:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 18:55:34 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 18:55:34 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 18:55:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.26 16:23:59 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.26 15:36:14 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.08.25 23:07:32 | 000,170,496 | ---- | M] () -- C:\Users\Jericho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 22:12:46 | 000,000,804 | ---- | M] () -- C:\Users\Jericho\Desktop\CCleaner.lnk
[2010.08.25 21:55:38 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.25 21:55:38 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.25 21:55:38 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.25 21:55:38 | 000,122,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.25 21:55:38 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.25 21:54:36 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\jan.exe.lnk
[2010.08.25 21:26:00 | 000,110,976 | ---- | M] () -- C:\Users\Jericho\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.25 21:04:18 | 000,386,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.25 21:01:31 | 000,198,144 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Fxukyb.exe
[2010.08.25 21:01:28 | 000,198,144 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Fxukya.exe
[2010.08.25 20:26:55 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.25 20:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.25 16:52:12 | 000,000,522 | ---- | M] () -- C:\Users\Jericho\Desktop\UseNeXT.lnk
[2010.08.12 21:21:20 | 000,000,682 | ---- | M] () -- C:\Users\Jericho\Desktop\H5_Game - Verknüpfung (2).lnk
[2010.08.12 20:49:05 | 000,000,001 | ---- | M] () -- C:\Windows\System32\SI.bin
[2010.08.11 17:21:08 | 000,000,317 | ---- | M] () -- C:\Windows\win.ini
[10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.26 16:23:59 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.26 15:36:30 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.08.26 15:36:30 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.08.26 15:36:30 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.08.26 15:36:30 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.08.26 15:36:30 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.08.26 15:36:16 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.08.26 15:36:15 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.08.26 15:36:15 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.08.26 15:36:14 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.08.26 15:36:14 | 000,001,751 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.08.25 22:12:46 | 000,000,804 | ---- | C] () -- C:\Users\Jericho\Desktop\CCleaner.lnk
[2010.08.25 21:54:36 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\jan.exe.lnk
[2010.08.25 21:00:40 | 000,782,848 | ---- | C] () -- C:\Windows\System32\drivers\qaaruple.sys
[2010.08.25 16:52:12 | 000,000,522 | ---- | C] () -- C:\Users\Jericho\Desktop\UseNeXT.lnk
[2010.08.12 21:21:20 | 000,000,682 | ---- | C] () -- C:\Users\Jericho\Desktop\H5_Game - Verknüpfung (2).lnk
[2010.08.12 20:49:05 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.02.28 17:53:16 | 000,001,041 | ---- | C] () -- C:\Users\Jericho\AppData\Roaming\vso_ts_preview.xml
[2010.02.28 17:52:34 | 000,000,034 | ---- | C] () -- C:\Users\Jericho\AppData\Roaming\pcouffin.log
[2010.02.28 17:51:51 | 000,087,608 | ---- | C] () -- C:\Users\Jericho\AppData\Roaming\inst.exe
[2010.02.28 17:51:51 | 000,007,887 | ---- | C] () -- C:\Users\Jericho\AppData\Roaming\pcouffin.cat
[2010.02.28 17:51:51 | 000,001,144 | ---- | C] () -- C:\Users\Jericho\AppData\Roaming\pcouffin.inf
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.09.20 15:51:32 | 000,033,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.20 15:51:31 | 000,033,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.27 19:19:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.21 18:25:05 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2009.04.08 00:21:49 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2009.01.09 22:32:55 | 000,004,096 | -H-- | C] () -- C:\Users\Jericho\AppData\Local\keyfile3.drm
[2009.01.09 20:31:35 | 000,004,757 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.07 21:28:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.07 21:28:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.12.18 18:58:55 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2008.12.13 19:22:55 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.07.09 10:12:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008.07.09 09:53:57 | 000,000,268 | RH-- | C] () -- C:\Users\Jericho\AppData\Roaming\Workflows
[2008.07.09 09:53:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\docInfo
[2008.07.09 09:53:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2008.07.05 20:24:04 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.06.30 14:54:23 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2008.06.28 10:38:41 | 000,001,024 | ---- | C] () -- C:\Users\Jericho\.rnd
[2008.05.17 11:52:01 | 000,002,032 | ---- | C] () -- C:\Users\Jericho\AppData\Local\d3d9caps.dat
[2008.05.01 14:36:14 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
[2008.05.01 14:36:12 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2008.05.01 14:36:11 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2008.05.01 14:36:11 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008.04.19 18:02:30 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2008.04.19 18:02:30 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008.04.19 18:02:25 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2008.04.19 18:02:25 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2008.04.19 18:02:03 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008.03.20 22:56:02 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008.03.15 20:40:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008.03.03 17:36:13 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.03.03 17:36:13 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.03.03 17:36:13 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.03.03 17:36:13 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.03.03 17:36:13 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.03.03 17:36:13 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.03.02 22:49:43 | 000,000,249 | ---- | C] () -- C:\Users\Jericho\Goya.ini
[2008.03.02 22:49:27 | 000,000,046 | ---- | C] () -- C:\Windows\Goya.INI
[2008.03.02 17:06:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.03.02 17:06:26 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.03.02 13:56:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.03.02 13:55:43 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.03.02 12:49:17 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008.03.02 12:47:16 | 000,000,319 | ---- | C] () -- C:\Windows\Ulead32.ini
[2008.03.01 17:35:08 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.02.27 18:41:54 | 000,008,204 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.02.27 18:15:14 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2008.02.24 13:55:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.24 11:51:52 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.02.24 11:51:52 | 000,138,056 | ---- | C] () -- C:\Users\Jericho\AppData\Roaming\PnkBstrK.sys
[2008.02.24 11:51:32 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2008.02.24 01:17:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.23 22:33:28 | 000,524,288 | -HS- | C] () -- C:\Users\Jericho\ntuser.dat{8522b2b8-e237-11dc-a711-0017318ae84c}.TMContainer00000000000000000002.regtrans-ms
[2008.02.23 22:33:28 | 000,524,288 | -HS- | C] () -- C:\Users\Jericho\ntuser.dat{8522b2b8-e237-11dc-a711-0017318ae84c}.TMContainer00000000000000000001.regtrans-ms
[2008.02.23 22:33:28 | 000,065,536 | -HS- | C] () -- C:\Users\Jericho\ntuser.dat{8522b2b8-e237-11dc-a711-0017318ae84c}.TM.blf
[2008.02.23 18:36:26 | 000,715,248 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.02.23 18:27:36 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008.02.23 18:27:36 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008.02.23 18:22:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.02.23 18:14:05 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.02.23 16:49:47 | 000,000,488 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.02.23 16:49:42 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008.02.23 16:49:38 | 000,170,496 | ---- | C] () -- C:\Users\Jericho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.23 16:46:41 | 000,000,020 | -HS- | C] () -- C:\Users\Jericho\ntuser.ini
[2008.02.23 16:46:39 | 000,524,288 | ---- | C] () -- C:\Users\Jericho\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2008.02.23 16:46:39 | 000,524,288 | ---- | C] () -- C:\Users\Jericho\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2008.02.23 16:46:39 | 000,262,144 | ---- | C] () -- C:\Users\Jericho\ntuser.dat.LOG1
[2008.02.23 16:46:39 | 000,065,536 | ---- | C] () -- C:\Users\Jericho\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2008.02.23 16:46:39 | 000,000,000 | ---- | C] () -- C:\Users\Jericho\ntuser.dat.LOG2
[2008.02.23 16:46:38 | 023,068,672 | -HS- | C] () -- C:\Users\Jericho\ntuser.dat
[2008.02.21 04:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.02.21 04:04:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.02.21 04:04:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.02.21 04:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.07.02 10:58:14 | 000,001,970 | ---- | C] () -- C:\Windows\P17EP.ini
[2007.06.06 10:24:24 | 000,003,348 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2007.04.09 10:42:00 | 000,148,480 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2005.03.08 15:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2004.10.12 08:40:58 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2004.10.12 08:39:48 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2004.10.12 08:39:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2004.10.09 08:40:16 | 000,454,144 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2004.10.05 10:16:08 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2010.03.01 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Bioshock2
[2008.02.23 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\DAEMON Tools
[2008.04.27 12:24:26 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Digital Red
[2010.08.25 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\EA86D57A04E14FD6D5AB92B418AA0A4A
[2009.12.04 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Image Zone Express
[2009.01.10 23:47:18 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\InfraRecorder
[2009.01.31 21:23:09 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\LEAPS
[2008.07.09 10:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Nikon
[2009.01.31 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Pegasys Inc
[2008.03.03 20:14:03 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Printer Info Cache
[2008.06.28 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\ProtectDisc
[2008.11.09 21:05:33 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Red Alert 3
[2009.10.29 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\runic games
[2008.04.16 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Samsung
[2009.05.24 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Stardock
[2008.04.03 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\TeamViewer
[2009.10.24 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\temp
[2009.03.04 21:24:54 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\The Creative Assembly
[2008.06.28 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\The Games Company
[2009.10.03 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Tropico 3
[2008.02.23 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\TuneUp Software
[2010.04.10 15:11:17 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Ubisoft
[2008.03.03 20:49:14 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Ulead Systems
[2010.08.25 21:00:24 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\UseNeXT
[2010.02.28 20:08:32 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\Vso
[2010.08.26 18:55:40 | 000,000,504 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2009.03.27 18:22:58 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job
[2010.08.24 22:14:49 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24051EFF
< End of report >
         
--- --- ---

Edited by Jan75 (26.08.2010 at 19:19)

26.08.2010, 20:33   #2
Swisstreasure
/// Malwareteam
 
A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the analysis harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Update Java

Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => Uninstall. Restart the computer.

Now download the offline version of Java Version 6 Update 21 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. uncheck the toolbar box during installation.

Step 2

Can you see all files and file extensions on your computer? If not, please make these settings in the folder options.

Step 3

Please have the files from the code box checked at Virustotal
Code:
ATTFilter
C:\Users\Public\Desktop\jan.exe.lnk
         
So proceed as described here:
  • Open this website: virustotal
  • Click "Browse"
  • Find the file on your computer --> double-click the file to be checked (or copy the content from the code box)
  • "Send file"
  • Wait until the scan run of all virus scanners has finished
  • Click "Filter"
  • then "Results"
  • select the result (as you receive it)
    completely and copy it in here
If the file is detected as malicious, please do not remove it yet.

Step 4

Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
ATTFilter
:OTL
O32 - AutoRun File - [2009.10.25 13:37:39 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.02.23 22:55:05 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
O33 - MountPoints2\{80948594-8113-11de-a4ad-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{80948594-8113-11de-a4ad-0017318ae84c}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8522afe4-e237-11dc-a711-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{8522afe4-e237-11dc-a711-0017318ae84c}\Shell\AutoRun\command - "" = H:\SetupLauncher.exe -- File not found
O33 - MountPoints2\{8522afe6-e237-11dc-a711-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{8522afe6-e237-11dc-a711-0017318ae84c}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\{96ea3784-4360-11dd-a2be-0017318ae84c}\Shell - "" = AutoRun
O33 - MountPoints2\{96ea3784-4360-11dd-a2be-0017318ae84c}\Shell\AutoRun\command - "" = L:\start.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\start.exe -- File not found
[2010.08.25 21:37:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.08.25 21:04:19 | 000,198,144 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Fxukyb.exe
[2010.08.25 21:01:33 | 000,198,144 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Fxukya.exe
[2010.08.25 21:00:49 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.08.25 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jericho\AppData\Roaming\EA86D57A04E14FD6D5AB92B418AA0A4A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24051EFF
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its content here in code tags into your thread.

Step 5

Rootkit search with Gmer

What are rootkits?

Important: During every rootkit scan:
  • First disable any CD emulators such as Alcohol, Daemon Tools or similar according to these instructions.
  • All other programs against viruses, spyware, etc. should be disabled,
  • there should be no connection to a network/the Internet (don't forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after every scan.
  • Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program on the desktop.
  • All other programs should be closed.
  • Start gmer.exe (it has a random program name).
  • Vista users: start it with right-click and as administrator.
  • Gmer automatically starts a first scan.
  • If a window with the following warning opens:
    Code:
    ATTFilter
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
             
  • Be sure to click "No";
    in that case, use the Save button to save the result so far on the desktop as gmer_first.log.
  • If that was not the case, now select the "Rootkit/Malware" tab,
  • Check: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
  • Important: "Show all" must not be checked!
  • Start the scan by pressing the "Scan" button.
    Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
  • When the scan is finished, the line stays empty.
    Click "Save" and save the log file as gmer.log on the desktop.
    "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!

Now post the log file in code tags.
__________________


Edited by Swisstreasure (26.08.2010 at 20:41)
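As an added illustration, not part of Swisstreasure's post or of OTL itself: a small Python parser for the two OTL line formats quoted in this thread that marks entries for manual review. The heuristics, the seven-day window and the reading of `C` as "created" are assumptions made for this example, not the helper's stated criteria; the sample lines are copied from the OTL output in this thread.

```python
import re
from datetime import datetime, timedelta

# OTL file-scan line: [date time | size | attributes | M or C] (vendor) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-RHSD]{4}) \| ([MC])\]"
    r"\s*(?:\(([^)]*)\)\s*)?-- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

def parse_line(line):
    """Return a dict for an OTL file or ADS line, or None for anything else."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "size": int(m[1]), "path": m[2], "stream": m[3]}
    m = FILE_RE.match(line)
    if not m:
        return None
    return {"type": "file", "time": datetime.strptime(m[1], "%Y.%m.%d %H:%M:%S"),
            "size": int(m[2].replace(",", "")), "attrs": m[3],
            "kind": m[4], "vendor": m[5] or "", "path": m[6]}

def flags(entry, scan_time, window_days=7):
    """Assumed triage heuristics: they mark entries for review, not as malicious."""
    if entry["type"] == "ads":
        return ["ads"]
    out, path = [], entry["path"]
    recent = scan_time - entry["time"] <= timedelta(days=window_days)
    if re.search(r"\\AppData\\Roaming\\[0-9A-Fa-f]{32}$", path):
        out.append("hex-named-profile-dir")
    if re.search(r"%[A-Za-z]+%", path):
        out.append("unexpanded-env-var")
    if entry["kind"] == "C" and recent and re.match(r"(?i)^[A-Z]:\\Windows\\[^\\]+\.exe$", path):
        out.append("new-exe-in-windows-root")
    return out

def triage(text, scan_time):
    """List (path, flags) for every parsed line that raised at least one flag."""
    parsed = filter(None, map(parse_line, text.splitlines()))
    return [(e["path"], f) for e in parsed if (f := flags(e, scan_time))]

# Lines copied from the OTL output quoted in this thread.
SAMPLE = r"""
[2008.04.03 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Jericho\AppData\Roaming\TeamViewer
[2010.08.25 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jericho\AppData\Roaming\EA86D57A04E14FD6D5AB92B418AA0A4A
[2010.08.25 21:04:19 | 000,198,144 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Fxukyb.exe
[2010.08.25 21:00:49 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""
print(triage(SAMPLE, datetime(2010, 8, 26, 20, 13, 45)))  # scan time from the log header
```

A flag only narrows down what to look at by hand: legitimate executables also live in the Windows root, which is why the example restricts that rule to recently created files.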

27.08.2010, 15:57   #3
Jan75
 
Thank you very much, but I think that has taken care of itself.
The computer no longer boots; yes, I checked everything in the setup.
I'll have to rebuild the machine.
Thanks anyway.
__________________

27.08.2010, 16:28   #4
Swisstreasure
/// Malwareteam
 
There is still one more option. But if you decide to reinstall, that is certainly not wrong either.
