
Log analysis and evaluation: PC does not shut down, programs hang, etc.

26.09.2010, 15:42   #1
ali321

Hello dear forum community,
(I have already used the search function and found a few things, but somehow I am not getting anywhere.)
Once again I have some lovely new problems on my PC ...
It does not shut down properly and gets stuck at "logging off".
I left it sitting for 2 hours without success.
I ran PC Tools AntiVirus over it 10 times.
At first with 145 infections and (Not Responding), so I restarted and did the whole thing again, and later it worked in safe mode.
Unfortunately, problems such as (Not Responding) and my Orbit Grab++ no longer working still persist.
I uploaded my HJACK log file for evaluation and found nice things like:
Code:
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

etc.

Here is the whole log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:13, on 26.09.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vspc1030.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Security\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Zandy\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.105.171 gs.apple.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [spc1030] C:\Windows\vspc1030.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B175FDC-3A19-4105-AE85-EF088487102C}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE15D25-E061-4EA7-A67B-2FBB0BF7B106}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08FD11B-68BB-4DB9-B05C-0694FD0A3F17}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: RichiStudios Shutdown (RSShutdown) - Unknown owner - D:\hackie\service.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Unknown owner - C:\Program Files\Tunngle\TnglCtrl.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10628 bytes
         
I will probably be told right away: "Reinstall the system", but I do not have time for that right now ...
Is there also an option such as defragmenting, uninstalling some programs and deleting files?

Thanks in advance for quick replies.

26.09.2010, 18:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I ran PC Tools AntiVirus over it 10 times.
At first with 145 infections and (Not Responding), so I restarted and did the whole thing again, and later it worked in safe mode.
Please post all logs with the detections!

26.09.2010, 19:29   #3
ali321

Unfortunately I did not save the logs ...
Or I do not know where they are saved.
Were you able to spot anything else in my Hjack log?

26.09.2010, 19:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The logs should be found in the virus scanner's main menu under Protocols/Log files/Reports or something like that.

26.09.2010, 19:58   #5
ali321

I can't find it ..
I only found the history, which says:
Code:
 PC Tools PC Tools AntiVirus Free
 
Date
    
Status
28.07.2010 12:34:30:100     
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:34:30:100     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:34:54:457     
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
28.07.2010 12:37:17:506     
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:37:17:506     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:37:47:636     
IntelliGuards status
All IntelliGuards were Enabled
28.07.2010 12:38:21:606     
Immunizer Results
ActiveX section has been immunized, Processed 5161 items.
28.07.2010 12:40:35:599     
Scan Started
Scan Type - Full Scan
28.07.2010 12:40:37:317     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adfarm1.adition.com/ adfarm1.adition.com
28.07.2010 12:40:37:456     
Scan Finished
Scan Type - Full Scan
Items Processed - 2
Threats Detected - 1
Infections Detected - 1
28.07.2010 12:41:18:606     
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adfarm1.adition.com/ adfarm1.adition.com
28.07.2010 12:41:20:886     
Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 1
Remove Failed - 0
28.07.2010 12:41:34:756     
Scan Started
Scan Type - Custom Scan
28.07.2010 12:41:35:537     
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - adtech.de/ adtech.de
28.07.2010 12:41:35:603     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com
28.07.2010 12:41:35:633     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - atdmt.com/ atdmt.com
28.07.2010 12:41:35:756     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - bs.serving-sys.com/ bs.serving-sys.com
28.07.2010 12:41:35:990     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - doubleclick.net/ doubleclick.net
28.07.2010 12:41:36:55     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
28.07.2010 12:41:36:102     
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - mediaplex.com/ mediaplex.com
28.07.2010 12:41:36:629     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com
28.07.2010 12:41:36:730     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - tradedoubler.com/ tradedoubler.com
28.07.2010 12:41:36:753     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - weborama.fr/ weborama.fr
28.07.2010 12:45:04:596     
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:45:04:596     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:45:04:656     
IntelliGuards status
All IntelliGuards were Enabled
28.07.2010 12:45:05:943     
Immunizer Results
ActiveX section has been immunized. No items were processed.
28.07.2010 12:45:34:812     
Scan Started
Scan Type - Intelli-Scan
28.07.2010 12:45:35:682     
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - adtech.de/ adtech.de
28.07.2010 12:45:35:750     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com
28.07.2010 12:45:35:778     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - atdmt.com/ atdmt.com
28.07.2010 12:45:35:901     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - bs.serving-sys.com/ bs.serving-sys.com
28.07.2010 12:45:36:137     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - doubleclick.net/ doubleclick.net
28.07.2010 12:45:36:201     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
28.07.2010 12:45:36:245     
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - mediaplex.com/ mediaplex.com
28.07.2010 12:45:36:798     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com
24.09.2010 08:04:53:156     
Service Started
PC Tools AntiVirus Free Service Application started
24.09.2010 08:04:53:157     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24.09.2010 08:04:54:698     
IntelliGuards status
All IntelliGuards were Enabled
24.09.2010 08:04:56:87     
Immunizer Results
ActiveX section has been immunized, Processed 3 items.
24.09.2010 08:09:26:518     
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
24.09.2010 16:42:02:45     
Service Started
PC Tools AntiVirus Free Service Application started
24.09.2010 16:42:02:45     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24.09.2010 16:42:02:215     
IntelliGuards status
All IntelliGuards were Enabled
24.09.2010 16:42:18:199     
Immunizer Results
ActiveX section has been immunized. No items were processed.
24.09.2010 16:55:02:342     
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
24.09.2010 17:08:46:686     
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
25.09.2010 13:50:00:585     
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 13:50:00:585     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 13:51:51:522     
Scan Started
Scan Type - Full Scan
25.09.2010 13:51:52:918     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com
25.09.2010 13:51:53:566     
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com
25.09.2010 13:51:53:711     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 13:51:54:644     
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com
25.09.2010 16:28:54:348     
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 16:28:54:348     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 16:29:03:802     
Scan Started
Scan Type - Full Scan
25.09.2010 17:11:15:668     
Scan Finished
Scan Type - Full Scan
Items Processed - 154237
Threats Detected - 0
Infections Detected - 0
25.09.2010 17:11:19:942     
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
25.09.2010 17:13:37:590     
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 17:13:37:590     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 17:13:37:720     
IntelliGuards status
All IntelliGuards were Enabled
25.09.2010 17:13:39:770     
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 17:22:46:531     
Scan Started
Scan Type - Full Scan
25.09.2010 17:24:03:750     
Smart Update
Smart Update has successfully installed new updates.
25.09.2010 17:24:05:726     
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 18:00:09:971     
Scheduled Scan Skipped
Scheduled task Intelli-Scan of this computer skipped - another scan is already running.
25.09.2010 18:58:04:974     
Scan Finished
Scan Type - Full Scan
Items Processed - 179581
Threats Detected - 0
Infections Detected - 0
25.09.2010 20:08:20:657     
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 20:08:20:657     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 20:08:23:164     
IntelliGuards status
All IntelliGuards were Enabled
25.09.2010 20:08:25:232     
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 20:13:10:632     
Scan Started
Scan Type - Full Scan
25.09.2010 20:13:11:596     
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 20:25:24:11     
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
25.09.2010 21:12:06:382     
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 22:15:10:454     
Scan Finished
Scan Type - Full Scan
Items Processed - 363540
Threats Detected - 2
Infections Detected - 2
25.09.2010 23:17:00:632     
Infection quarantined
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 23:17:00:672     
Infection cleaned
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 23:17:00:769     
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 23:17:03:419     
Infections Quarantined/Removed Summary
Quarantined - 1
Quarantine Failed - 0
Removed - 2
Remove Failed - 0
26.09.2010 00:20:14:613     
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 16:00:15:858     
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 16:00:15:858     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 16:00:15:994     
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 16:00:20:716     
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 16:18:10:727     
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
26.09.2010 16:42:40:324     
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 18:06:53:7     
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 18:06:53:7     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 18:06:53:261     
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 18:07:11:49     
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 18:25:25:891     
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
26.09.2010 19:26:11:759     
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 20:25:17:525     
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 20:25:17:525     
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 20:25:17:805     
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 20:25:31:590     
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 20:37:30:978     
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
         
but that is far from everything and also not the right log file ....


27.09.2010, 10:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

27.09.2010, 15:21   #7
ali321

OK, I did everything as described

OTL files:
Code:
OTL logfile created on: 27.09.2010 14:07:34 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,15 Gb Free Space | 47,58% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,65 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 931,51 Gb Total Space | 669,33 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
 
Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation)
PRC - C:\Windows\vspc1030.exe (Sonix)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe (Sitecom Europe BV)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) --  File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\System32\drivers\spc1030.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- D:\Bearbeitungsprogramme\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (MicNgTun) -- C:\Windows\System32\drivers\MicNgTun.sys (Micronas GmbH)
DRV - (MicNgCap) -- C:\Windows\System32\drivers\MicNgCap.sys (Micronas GmbH)
DRV - (MicNgBas) -- C:\Windows\System32\drivers\MicNgBas.sys (Micronas GmbH)
DRV - (ZD1211U(Sitecom)) Sitecom Wireless Network USB Adapter Driver(Sitecom) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
 
[2009.03.05 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Extensions
[2010.09.27 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions
[2010.09.25 17:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.24 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.09.23 19:33:53 | 000,002,171 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\bing.xml
[2010.04.27 09:50:20 | 000,000,931 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\conduit.xml
[2010.01.01 20:55:34 | 000,002,055 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\daemon-search.xml
[2010.09.22 19:32:04 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-1.xml
[2009.08.13 08:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-2.xml
[2009.09.13 15:28:00 | 000,000,961 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-3.xml
[2009.06.22 08:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin.xml
[2010.09.18 18:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.03.11 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.09.18 18:25:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 18:25:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.18 18:25:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.18 18:25:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.18 18:25:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.18 14:37:22 | 000,000,818 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.208.105.171 gs.apple.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.25 14:43:30 | 000,000,067 | ---- | M] () - Q:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.27 14:03:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.27 13:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 13:59:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.25 17:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010.09.23 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Music Files Finder
[2010.09.20 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.09.20 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.09.20 15:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.09.20 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.09.19 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\iPod Photo Cache
[2010.09.19 22:07:37 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\Ipod Bilder
[2010.09.18 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\ProgSense
[2010.09.17 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Adobe
[2010.09.17 23:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.09.17 23:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr
[2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182
[2010.09.17 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Download Manager
[2010.09.17 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Deskto
[2010.09.16 14:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010.09.16 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Ableton
[2010.09.16 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Ableton
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Notepad++
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010.09.02 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.02.05 15:53:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.27 14:12:15 | 004,980,736 | ---- | M] () -- C:\Users\Zandy\NTUSER.DAT
[2010.09.27 14:10:24 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
[2010.09.27 14:03:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.27 14:01:06 | 001,491,156 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.27 14:01:06 | 000,656,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.27 14:01:06 | 000,614,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.27 14:01:06 | 000,121,228 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.27 14:01:06 | 000,108,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.27 13:56:49 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.27 13:55:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 13:55:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 13:55:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.27 13:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.27 13:55:15 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.26 21:40:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.26 21:40:41 | 002,976,619 | -H-- | M] () -- C:\Users\Zandy\AppData\Local\IconCache.db
[2010.09.26 21:20:44 | 001,579,830 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.26 21:05:38 | 003,052,111 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.26 20:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.26 14:51:19 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.09.25 17:16:51 | 000,111,616 | ---- | M] () -- C:\Users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.25 17:12:57 | 003,765,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.25 16:28:25 | 000,008,052 | ---- | M] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2010.09.25 13:58:54 | 000,004,368 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.25 12:52:00 | 000,168,448 | ---- | M] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 23:41:27 | 001,987,907 | ---- | M] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.24 23:14:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2010.09.20 14:28:21 | 000,009,694 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:14 | 000,032,738 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.09.18 14:37:22 | 000,000,818 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.04 14:19:46 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.31 13:52:19 | 000,001,064 | -H-- | M] () -- C:\Windows\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.26 21:20:34 | 001,579,830 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.25 17:12:11 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.25 13:58:53 | 000,004,368 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.24 23:41:27 | 001,987,907 | ---- | C] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.21 21:45:58 | 003,052,111 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.20 14:28:18 | 000,009,694 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:10 | 000,032,738 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.05.17 17:49:38 | 000,079,360 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePowerS.dll
[2010.05.17 17:49:05 | 000,180,736 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeOptix_ScreenCapS.dll
[2010.05.17 17:48:40 | 000,086,528 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeGetSteamS.dll
[2010.05.17 17:48:25 | 000,108,544 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePwS.dll
[2010.04.20 19:54:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.20 18:32:02 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
[2010.04.15 17:45:31 | 000,000,614 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\nt.bat
[2010.03.30 21:20:22 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2010.02.25 20:48:43 | 000,157,184 | -HS- | C] () -- C:\Windows\System32\SCS.dll
[2010.01.01 19:53:27 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.09.06 10:31:45 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.10 23:58:11 | 000,000,168 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\AVSMediaPlayer.m3u
[2009.03.03 20:47:33 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.03.03 20:47:33 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.05 15:53:01 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys
[2009.02.05 15:53:01 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2009.02.05 15:53:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys
[2009.02.05 15:53:01 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[2009.01.19 20:45:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2008.12.09 11:32:06 | 000,028,754 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\UserTile.png
[2008.09.20 19:07:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.15 19:28:39 | 000,000,628 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\wklnhst.dat
[2008.01.02 18:42:57 | 000,008,052 | ---- | C] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2007.12.11 12:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.12.11 11:54:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.12.04 22:42:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.01 08:21:20 | 000,168,448 | ---- | C] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.30 16:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Zandy\AppData\Local\rx_image.Cache
[2007.06.27 03:50:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.23 21:39:26 | 000,000,689 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.23 21:39:26 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.23 13:12:14 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007.05.23 13:12:12 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2007.05.23 13:07:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.19 00:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 27.09.2010 14:07:34 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,15 Gb Free Space | 47,58% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,65 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 931,51 Gb Total Space | 669,33 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
 
Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Zandy\Desktop\Allgemein\BitTorrent\bittorrent.exe" = C:\Users\Zandy\Desktop\Allgemein\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"D:\AirRivals_DE\Launcher.atm" = D:\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- File not found
"D:\AirRivals_DE\Res-Voip\SCVoIP.exe" = D:\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B3A891-60F5-4DCB-B5C4-40859E111C32}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0104B14D-5906-4415-822B-EAB1893BEF44}" = lport=138 | protocol=17 | dir=in | app=system | 
"{019FF6CB-E9E9-456C-B7D7-4D426BAAA06A}" = lport=5050 | protocol=6 | dir=in | name=5050 | 
"{094908A9-4C64-493F-ACC4-4D821C3F2154}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2D9869FE-DAFA-441E-9AED-6A9558BF9344}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{31B860DA-73B5-4EDD-AD7E-9A4C28E974E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{353D86E6-EEBF-4363-A987-1AA4A108596D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{35C20EC4-DCD9-45B8-9363-3916C4BE4116}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4B348D8C-F25F-4DF0-9CA9-0D0E5089FEEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{59637524-E8C3-40A3-87CF-F64570690B26}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5BBE7987-32AC-4EF6-A0E0-CAB6579D46DB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{67CD75F9-2271-4C03-8B32-CFA5D21E96A3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6C0027A4-EF84-46A4-92CA-0731201BD356}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6EC81507-C5BE-46EA-8AE5-42D0E4FD68C0}" = lport=13146 | protocol=6 | dir=in | name=azereus | 
"{793B1A50-4816-4EC0-973D-3B8EFF5A78A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7B4975F7-FB3F-4111-98EB-179FDD4E5AEF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{82A4166F-E314-40DD-A545-5B432F5413A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B7431A9-2BE0-4F39-8414-F30DA3DE39E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8DE40A60-D798-48F4-A153-3793A15FD50E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A8BD2364-3BB7-4E1F-8ACF-F636176028B5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BD75BEC7-A89D-4A9A-88C0-8A56D6CB0391}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0510FFD-31BD-4013-BA10-CCBF664E19F1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C4F8ABEA-7C0E-49F4-BA72-A7DC38BE971B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D26B66A3-C331-4A18-8E2D-0E116B316EE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DC359436-E112-4B1F-82F2-1F5EFA050736}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FC402580-9923-48BF-8384-E3ADCCDE65C3}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0037F6F1-2ED5-4758-A051-17534ADA50A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{08BA8DA1-E50E-4338-BD57-6D004206509A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0C09A92E-317A-49B4-ABE4-ACEB3D7CCEA2}" = dir=in | app=d:\bearbeitungsprogramme\playmovie\pmvservice.exe | 
"{1E7B9E66-F410-4A0E-A2B3-C0C2EEC12345}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{246B7977-686F-4DA2-8196-22FF931E54FE}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0-engb-downloader.exe | 
"{302621DD-9CB1-46D1-91A7-80B2DC5DCA8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{35519704-ADE4-48A5-85FD-7F294D47CD16}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{3D7BBBCB-C18E-4510-8083-6930FCD3C597}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3E3A4BD3-F48E-4EBB-9F11-AB947392FB2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{416E957D-5107-4071-96D8-0BB207AFE0C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{454AD2B8-0EF2-4CA3-83CC-29132654F184}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{4B049494-498E-4177-B2A3-4000FBFA9021}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{53FAECCC-E85D-46B8-B54E-7DF1BC185EA0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{5412D00E-8A16-4123-88ED-CD6AA22D3F15}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5718ACAF-9DBA-4EE8-B019-33F145E49700}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{611110B8-EE89-4A21-8A2D-5053A5DC207F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{6EEC8F4A-FFFC-4C9E-98E6-FA1E30CC374C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{72E8576F-4E3B-4E2D-8211-E11912D746AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{826B0EDB-35C3-4342-B5E2-6481D15DA55E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{8DF272AA-F8A8-498B-8475-7BFEC2291493}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{94525E22-426E-4773-B5FF-9CFC91DFB5B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9DBE8352-2E24-4D17-873F-54B046C4A649}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{A3B4D216-2253-4C53-A46C-4749CDB21994}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AF4CA328-D47A-4200-8B2A-37ACFCF2FAD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B3DCFAE8-4C34-4A69-9B52-84D14D5B2D5E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B8FE0290-2691-4776-A54D-0D777FD29E3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BD7E1CB9-2370-4198-A5CF-58651265180B}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{BE8FFDCD-A522-41A9-AAF6-ECFC19C373ED}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{C716D6EE-2123-4A8E-AE23-A79B12FBF6BE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{C852B588-B676-4AF6-B40D-C88F9F4A1E76}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{C9248B30-C2FC-4C22-AF04-EBA0EC6EAB6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C9DD64A6-B8C2-4CFA-9EE7-5346473DF6F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CAFDCF0A-3BD5-4D62-9EA7-886705B63F88}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0-engb-downloader.exe | 
"{CBB355BB-7F9F-431A-BD40-DED8B265A51E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{D74A9B68-6710-47C6-AA8B-7172A2C595BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1DCE130-9AE8-4B6E-A6F6-DEF37CE93D1A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{E8598425-C28A-4D98-8681-1C8ED9393D3F}" = dir=in | app=d:\bearbeitungsprogramme\playmovie\playmovie.exe | 
"TCP Query User{0104331B-692C-48A0-BF84-C512EEC82292}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{0A477EC7-C641-4608-9FD6-FC5E49F90E6E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{0F1933EC-9B6F-4A99-B4BD-CF696C3DFFD8}D:\halo 1 mp\haloce.exe" = protocol=6 | dir=in | app=d:\halo 1 mp\haloce.exe | 
"TCP Query User{1290680D-7BBB-408C-96DD-E801324C324F}C:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe | 
"TCP Query User{1BD25AC1-361A-4F9B-B730-F1A065A01627}Q:\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=q:\css\counter-strike source\hl2.exe | 
"TCP Query User{236B5E77-B703-4EDF-BFFA-A84DB66322F6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{3DB97748-4353-45E5-960E-832E7E3A3FA8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{3FD9ECE9-2448-4656-8273-203C8D4D7995}D:\sniper\sniper elite\sniperelite.exe" = protocol=6 | dir=in | app=d:\sniper\sniper elite\sniperelite.exe | 
"TCP Query User{41CC5285-8594-45D7-BFCD-F2A5E60ED7ED}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{44858294-7D0A-41D1-90B1-CD375AE6388B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5CCA4F48-6DC8-4629-992F-83652782F967}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{614F1BD6-42A4-485F-B305-5DB22E57D5D0}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{6C988A3C-433E-4BAE-BF35-2DEA4257CB89}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"TCP Query User{6F87A5C4-35E6-4C5A-B774-DEBE9F4BB11A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{6FE46B79-6652-426D-B3E5-E8868A14F8C5}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{747612FE-B0FD-4380-92A2-E4F603ACFA3B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{74D22B22-0777-41A9-98A8-697A99A123A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{85CF08CE-B4C4-4B9E-AAAA-A527E385B164}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"TCP Query User{8678D507-865D-41D1-B72A-BEC530C6B3DE}C:\users\zandy\downloads\halo\haloce.exe" = protocol=6 | dir=in | app=c:\users\zandy\downloads\halo\haloce.exe | 
"TCP Query User{88D46B82-67FC-4C0D-95DB-E84DAEBE8BA6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{8B5023F9-A317-4D02-9F91-A9B3D21481EC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{9A7E8807-0E45-4EAC-BC6B-1D35DD8879DB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{A4F53370-0BBD-4E21-B13C-C7F2D05D0F35}D:\need for speed\nfs.exe" = protocol=6 | dir=in | app=d:\need for speed\nfs.exe | 
"TCP Query User{AD952BE4-E8E1-43B1-9434-433622534F17}Q:\cs 1.6\hl.exe" = protocol=6 | dir=in | app=q:\cs 1.6\hl.exe | 
"TCP Query User{B44B4CCA-E5CD-47DB-ADAE-0DECDC5609EC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{BF56FD46-B7E2-4294-AD12-3E99608C0A2F}D:\bearbeitungsprogramme\loadhack\routerclient.exe" = protocol=6 | dir=in | app=d:\bearbeitungsprogramme\loadhack\routerclient.exe | 
"TCP Query User{E1047DB5-342A-45B4-8562-312B3D2D5298}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{F126F394-586E-47D5-891F-CFA174224650}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F950DD31-0EF6-4891-9ABE-AF088477F7CB}C:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{FD8DBA90-91D9-409B-BC0D-5AEFB898AE9A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{0C247432-04D7-4707-9295-7CE29ABE7385}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1425068E-C074-41AA-8985-2452528E17B1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{15041823-475F-4C85-AC4E-8E9BB7CE3450}Q:\cs 1.6\hl.exe" = protocol=17 | dir=in | app=q:\cs 1.6\hl.exe | 
"UDP Query User{18EC5E5B-8F12-4158-931A-7FD2BBA084EB}C:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe | 
"UDP Query User{201CECF7-61A5-49C6-BA2C-772B234E3ECE}D:\sniper\sniper elite\sniperelite.exe" = protocol=17 | dir=in | app=d:\sniper\sniper elite\sniperelite.exe | 
"UDP Query User{27CC196D-6C95-4050-A374-C1DB6C1C334B}D:\need for speed\nfs.exe" = protocol=17 | dir=in | app=d:\need for speed\nfs.exe | 
"UDP Query User{2CC72417-5567-4385-A059-49401B802D5A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{43E803C5-93B3-4C36-9AC9-3E2B39864976}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"UDP Query User{4C5C2E2D-D415-4B03-9E38-D430ECA21AA5}D:\bearbeitungsprogramme\loadhack\routerclient.exe" = protocol=17 | dir=in | app=d:\bearbeitungsprogramme\loadhack\routerclient.exe | 
"UDP Query User{73CFF006-447C-4F2D-8ED1-FFB8FAF3451C}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"UDP Query User{960E48F2-FF8A-41B9-9891-A178A94F7109}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{AD03769E-A394-43F7-B2D3-5C52908A3438}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{AF65371D-F6BD-4DDE-8AF2-F2A392BEE142}D:\halo 1 mp\haloce.exe" = protocol=17 | dir=in | app=d:\halo 1 mp\haloce.exe | 
"UDP Query User{BF115C25-8099-45E3-A60F-DDF649A953A7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{C72D9B26-005A-4F83-A90D-DA88E92968F6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C773F02D-BAD9-4C8B-82F6-86A5047C6C77}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CABD8817-5C6F-4B50-9CC1-86792876A87B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{CB1FFA80-09A3-46B5-9E14-663ADF8F4B03}C:\users\zandy\downloads\halo\haloce.exe" = protocol=17 | dir=in | app=c:\users\zandy\downloads\halo\haloce.exe | 
"UDP Query User{CBDB7A5F-730B-4101-BB92-E1E6B3F4DF78}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{D0DCD784-BC2B-4651-A787-60CF4016863F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D14C7B62-1635-431C-8AAF-90943DFD5E6B}Q:\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=q:\css\counter-strike source\hl2.exe | 
"UDP Query User{D948BBBA-B79D-4E3F-95FC-CE8AD92C22A9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DF291E2E-1199-438F-BD04-1C5AA8EAD9AA}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"UDP Query User{EA20067D-6D70-4395-B32F-A027D1B31CB0}C:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{F5542E76-F618-47E2-B841-E62E13499F31}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{F832C6D6-25AD-442E-867F-3A85BD916708}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{F8CF76FC-166F-4DB8-9B34-A5A363B6A4C4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{FB2CD881-3CDB-47D5-BD79-7D35B223C7C5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{FE0EDA0B-BAD7-4B14-92F1-C12F1C8F7327}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1491FF84-E32E-AA9C-C511-777375B77766}" = Catalyst Control Center Localization German
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D78B2E-7160-ABD1-0963-446FB828D1C3}" = Catalyst Control Center Graphics Previews Vista
"{1F649FD8-7201-FD89-F792-1B7D0C36A57C}" = Catalyst Control Center Graphics Previews Common
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CAFEE26-C4AF-6349-6D99-8B5230F47F5E}" = Skins
"{3F750653-FC3C-45A0-5304-615D63C74D07}" = Catalyst Control Center Core Implementation
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43F5AB70-4EDE-4AE8-A5DC-1C8C78868AFF}" = Sitecom Wireless Network USB Adapter 54G WL-113
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{479DCD93-4372-B11C-B727-D1D9A7AE344F}" = ccc-utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55FC05BC-5022-F24B-6309-FD5A95208F94}" = Catalyst Control Center Graphics Full Existing
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5623DF-7951-4D32-8897-73E0A6BC2AA7}" = Samsung PC Studio
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BECDEE0-7126-4F9B-8BE4-E72AEA79571B}" = ArcSoft WebCam Companion 2
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = MyDVD-VR Recorder
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8F371CCB-7EB9-DEE8-82F4-424A148F7DDB}" = CCC Help German
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7D9D2E0-8051-4FCD-DA16-5E44A5B89495}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACC901CB-12A9-4252-8535-4020803CD819}" = Sprachtrainer Découvertes 2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C441197D-F750-4EFE-B3EC-885684D923DB}" = Sprachtrainer Découvertes 3
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD763478-5961-4022-961A-9FB3EA00038A}" = StarOffice 8
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE7A421-E272-FCEA-381A-ED4AACCAA165}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E75055E0-085C-BD62-CD52-2398F3E84A86}" = Catalyst Control Center Graphics Full New
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D5EED1-EB69-421C-A314-8998CA574C51}" = Philips SPC1030NC Webcam
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"10F7630C78CC9B1F315B5FA216ECB493C3ACD3E5" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (06/02/2008 1.0.5.12)
"45BC8B5D6014058D45855440C588F87C62D70673" = Windows-Treiberpaket - Philips (SPC1030) Image  (06/11/2008 5.8.8.042)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free Studio_is1" = Free Studio version 4.8
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = Sonic MyDVD-VR
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"Spyware Doctor" = PC Tools AntiVirus Free
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Then I also have the log file from Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4702

Windows 6.0.6000
Internet Explorer 7.0.6000.16916

27.09.2010 16:13:17
mbam-log-

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308146
Laufzeit: 2 Stunde(n), 2 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (Hacked by Godzilla) Good: (Internet Explorer) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\SCS.dll (Trojan.Dropper.PGen) -> No action taken.
D:\Bearbeitungsprogramme\loadhack\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> No action taken.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> No action taken.
C:\Users\Zandy\AppData\Local\Temp\0.5170452955694216.exe (Trojan.Dropper) -> No action taken.
         

27.09.2010, 15:57   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

D:\Bearbeitungsprogramme\loadhack\ocr\netload.in\asmCaptcha\test.exe

What's that?

27.09.2010, 19:13   #9
ali321

Um, that used to be a program that is similar to JDownloader,
but it didn't work ...
There could still be a virus in it ...
I'll uninstall/delete the folder.

27.09.2010, 22:39   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You obviously created the OTL logs first and then ran Malwarebytes. I didn't write that the order doesn't matter; I wrote Malwarebytes and then OTL. It's not a big deal, though, just create a new OTL.txt.

28.09.2010, 13:33   #11
ali321

Oops
Code:
OTL logfile created on: 28.09.2010 14:25:29 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,02 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,67 Gb Free Space | 43,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\vspc1030.exe (Sonix)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe (Sitecom Europe BV)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) --  File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\System32\drivers\spc1030.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- D:\Bearbeitungsprogramme\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (MicNgTun) -- C:\Windows\System32\drivers\MicNgTun.sys (Micronas GmbH)
DRV - (MicNgCap) -- C:\Windows\System32\drivers\MicNgCap.sys (Micronas GmbH)
DRV - (MicNgBas) -- C:\Windows\System32\drivers\MicNgBas.sys (Micronas GmbH)
DRV - (ZD1211U(Sitecom)) Sitecom Wireless Network USB Adapter Driver(Sitecom) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
 
[2009.03.05 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Extensions
[2010.09.27 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions
[2010.09.25 17:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.24 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.09.23 19:33:53 | 000,002,171 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\bing.xml
[2010.04.27 09:50:20 | 000,000,931 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\conduit.xml
[2010.01.01 20:55:34 | 000,002,055 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\daemon-search.xml
[2010.09.22 19:32:04 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-1.xml
[2009.08.13 08:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-2.xml
[2009.09.13 15:28:00 | 000,000,961 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-3.xml
[2009.06.22 08:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin.xml
[2010.09.18 18:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.03.11 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.09.18 18:25:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 18:25:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.18 18:25:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.18 18:25:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.18 18:25:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.18 14:37:22 | 000,000,818 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.208.105.171 gs.apple.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.28 14:25:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.27 13:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 13:59:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.25 17:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010.09.23 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Music Files Finder
[2010.09.20 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.09.20 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.09.20 15:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.09.20 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.09.19 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\iPod Photo Cache
[2010.09.19 22:07:37 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\Ipod Bilder
[2010.09.18 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\ProgSense
[2010.09.17 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Adobe
[2010.09.17 23:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.09.17 23:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr
[2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182
[2010.09.17 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Download Manager
[2010.09.17 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Deskto
[2010.09.16 14:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010.09.16 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Ableton
[2010.09.16 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Ableton
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Notepad++
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010.09.02 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.02.05 15:53:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.28 14:29:37 | 004,980,736 | ---- | M] () -- C:\Users\Zandy\NTUSER.DAT
[2010.09.28 14:25:14 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
[2010.09.28 14:22:45 | 001,491,156 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.28 14:22:45 | 000,656,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.28 14:22:45 | 000,614,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.28 14:22:45 | 000,121,228 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.28 14:22:45 | 000,108,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.28 14:15:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.28 14:15:22 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 14:15:22 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 14:15:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.28 14:15:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.28 14:14:53 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.27 22:27:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.27 22:26:54 | 002,981,557 | -H-- | M] () -- C:\Users\Zandy\AppData\Local\IconCache.db
[2010.09.27 21:29:05 | 000,944,535 | ---- | M] () -- C:\Users\Zandy\Desktop\black and wihte.jpg
[2010.09.27 21:16:32 | 001,449,872 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.27 14:03:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.26 21:05:38 | 003,052,111 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.26 20:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.26 14:51:19 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.09.25 17:16:51 | 000,111,616 | ---- | M] () -- C:\Users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.25 17:12:57 | 003,765,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.25 16:28:25 | 000,008,052 | ---- | M] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2010.09.25 13:58:54 | 000,004,368 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.25 12:52:00 | 000,168,448 | ---- | M] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 23:41:27 | 001,987,907 | ---- | M] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.24 23:14:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2010.09.20 14:28:21 | 000,009,694 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:14 | 000,032,738 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.09.18 14:37:22 | 000,000,818 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.04 14:19:46 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.31 13:52:19 | 000,001,064 | -H-- | M] () -- C:\Windows\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.27 21:29:02 | 000,944,535 | ---- | C] () -- C:\Users\Zandy\Desktop\black and wihte.jpg
[2010.09.26 21:20:34 | 001,449,872 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.25 17:12:11 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.25 13:58:53 | 000,004,368 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.24 23:41:27 | 001,987,907 | ---- | C] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.21 21:45:58 | 003,052,111 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.20 14:28:18 | 000,009,694 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:10 | 000,032,738 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.05.17 17:49:38 | 000,079,360 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePowerS.dll
[2010.05.17 17:49:05 | 000,180,736 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeOptix_ScreenCapS.dll
[2010.05.17 17:48:40 | 000,086,528 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeGetSteamS.dll
[2010.05.17 17:48:25 | 000,108,544 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePwS.dll
[2010.04.20 19:54:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.20 18:32:02 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
[2010.04.15 17:45:31 | 000,000,614 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\nt.bat
[2010.03.30 21:20:22 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2010.01.01 19:53:27 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.09.06 10:31:45 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.10 23:58:11 | 000,000,168 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\AVSMediaPlayer.m3u
[2009.03.03 20:47:33 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.03.03 20:47:33 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.05 15:53:01 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys
[2009.02.05 15:53:01 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2009.02.05 15:53:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys
[2009.02.05 15:53:01 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[2009.01.19 20:45:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2008.12.09 11:32:06 | 000,028,754 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\UserTile.png
[2008.09.20 19:07:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.15 19:28:39 | 000,000,628 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\wklnhst.dat
[2008.01.02 18:42:57 | 000,008,052 | ---- | C] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2007.12.11 12:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.12.11 11:54:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.12.04 22:42:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.01 08:21:20 | 000,168,448 | ---- | C] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.30 16:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Zandy\AppData\Local\rx_image.Cache
[2007.06.27 03:50:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.23 21:39:26 | 000,000,689 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.23 21:39:26 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.23 13:12:14 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007.05.23 13:12:12 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2007.05.23 13:07:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.19 00:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
< End of report >
         

28.09.2010, 14:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:
ATTFilter
:OTL
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) --  File not found
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
[2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr
[2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


28.09.2010, 20:50   #13
ali321
 



Uhm, small problem ...
I have everything closed, paste in the fix, click Fix ..
The taskbar disappears. Everything is gone except the OTL window,
where a small progress bar twitches back and forth .. after 1 min
(Not Responding) and I have to restart manually

28.09.2010, 21:21   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please try it again

29.09.2010, 13:51   #15
ali321
 



It worked, thanks!
Code:
ATTFilter
All processes killed
========== OTL ==========
Error: No service named TunngleService was found to stop!
Service\Driver key TunngleService not found.
File  C:\Program Files\Tunngle\TnglCtrl.exe File not found not found.
Error: No service named RSShutdown was found to stop!
Service\Driver key RSShutdown not found.
File  D:\hackie\service.exe File not found not found.
Error: No service named Browser Defender Update Service was found to stop!
Service\Driver key Browser Defender Update Service not found.
File  C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found not found.
Error: No service named ACPService was found to stop!
Service\Driver key ACPService not found.
File   File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
File O:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
File L:\LaunchU3.exe not found.
Folder C:\Users\Zandy\.COMMgr\ not found.
Folder C:\Users\Public\Documents\Server\ not found.
Folder C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182\ not found.
Unable to delete ADS C:\Windows:F5454D0BF17D7B8D .
Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\Temp:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\Temp:430C6D84 .
Unable to delete ADS C:\ProgramData\Temp:7E95B6FD .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
 
User: Public
 
User: Zandy
->Temp folder emptied: 14187723 bytes
->Temporary Internet Files folder emptied: 1881655 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49038782 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 63549 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 36864 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1545920 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 64,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 09292010_144719

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Unbelievable! Grab++ works again, THANKS!!!! Let's see whether the programs stop hanging; so far everything is running
Thank you very, very much!

Edited by ali321 (29.09.2010 at 13:58)
