Log analysis and evaluation: PC won't shut down, programs hang, etc. (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello dear forum community, (I have already used the search function and found a few things, but somehow I'm not getting any further.) Once again I have some lovely new problems on my PC... It doesn't shut down properly and gets stuck at "Logging off". I left it sitting for 2 hours without success. I have run PC Tools AntiVirus over it 10 times. At first with 145 infections and (Not Responding), so I restarted and did the whole thing again, and later it worked in safe mode. Unfortunately, problems such as (Not Responding) and my Orbit Grab++ no longer working still persist. I uploaded my HJACK log file to the analysis and found nice things like:

Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

Here is the whole log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:13, on 26.09.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vspc1030.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Security\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Zandy\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.105.171 gs.apple.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [spc1030] C:\Windows\vspc1030.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B175FDC-3A19-4105-AE85-EF088487102C}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE15D25-E061-4EA7-A67B-2FBB0BF7B106}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08FD11B-68BB-4DB9-B05C-0694FD0A3F17}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: RichiStudios Shutdown (RSShutdown) - Unknown owner - D:\hackie\service.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Unknown owner - C:\Program Files\Tunngle\TnglCtrl.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10628 bytes

Is there also an option such as defragmenting and uninstalling some programs and deleting files? Thanks in advance for quick replies.

#2
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:
__________________

#3

Unfortunately I didn't save the logs ... Or I don't know where they are saved. Could you otherwise spot anything in my HJACK log?

#4

Um, small problem ... I have everything closed, paste in the fix, click Fix ... the taskbar disappears. Everything is gone except for the OTL window, where a small progress bar twitches back and forth ... after 1 min (Not Responding) and I have to restart manually.

#5
/// Winkelfunktion /// TB-Süch-Tiger™

The logs should be found in the virus scanner's main menu under Protocols/Log files/Reports or something like that.
__________________
Please always post log files in CODE tags

#6

I can't find it ... I only found the history, which says:

Code:
PC Tools PC Tools AntiVirus Free
Date
Status
28.07.2010 12:34:30:100
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:34:30:100
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:34:54:457
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
28.07.2010 12:37:17:506
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:37:17:506
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:37:47:636
IntelliGuards status
All IntelliGuards were Enabled
28.07.2010 12:38:21:606
Immunizer Results
ActiveX section has been immunized, Processed 5161 items.
28.07.2010 12:40:35:599
Scan Started
Scan Type - Full Scan
28.07.2010 12:40:37:317
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adfarm1.adition.com/ adfarm1.adition.com
28.07.2010 12:40:37:456
Scan Finished
Scan Type - Full Scan
Items Processed - 2
Threats Detected - 1
Infections Detected - 1
28.07.2010 12:41:18:606
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adfarm1.adition.com/ adfarm1.adition.com
28.07.2010 12:41:20:886
Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 1
Remove Failed - 0
28.07.2010 12:41:34:756
Scan Started
Scan Type - Custom Scan
28.07.2010 12:41:35:537
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - adtech.de/ adtech.de
28.07.2010 12:41:35:603
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com
28.07.2010 12:41:35:633
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - atdmt.com/ atdmt.com
28.07.2010 12:41:35:756
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - bs.serving-sys.com/ bs.serving-sys.com
28.07.2010 12:41:35:990
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - doubleclick.net/ doubleclick.net
28.07.2010 12:41:36:55
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
28.07.2010 12:41:36:102
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - mediaplex.com/ mediaplex.com
28.07.2010 12:41:36:629
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com
28.07.2010 12:41:36:730
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - tradedoubler.com/ tradedoubler.com
28.07.2010 12:41:36:753
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - weborama.fr/ weborama.fr
28.07.2010 12:45:04:596
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:45:04:596
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:45:04:656
IntelliGuards status
All IntelliGuards were Enabled
28.07.2010 12:45:05:943
Immunizer Results
ActiveX section has been immunized. No items were processed.
28.07.2010 12:45:34:812
Scan Started
Scan Type - Intelli-Scan
28.07.2010 12:45:35:682
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - adtech.de/ adtech.de
28.07.2010 12:45:35:750
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com
28.07.2010 12:45:35:778
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - atdmt.com/ atdmt.com
28.07.2010 12:45:35:901
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - bs.serving-sys.com/ bs.serving-sys.com
28.07.2010 12:45:36:137
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - doubleclick.net/ doubleclick.net
28.07.2010 12:45:36:201
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
28.07.2010 12:45:36:245
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - mediaplex.com/ mediaplex.com
28.07.2010 12:45:36:798
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com
24.09.2010 08:04:53:156
Service Started
PC Tools AntiVirus Free Service Application started
24.09.2010 08:04:53:157
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24.09.2010 08:04:54:698
IntelliGuards status
All IntelliGuards were Enabled
24.09.2010 08:04:56:87
Immunizer Results
ActiveX section has been immunized, Processed 3 items.
24.09.2010 08:09:26:518
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
24.09.2010 16:42:02:45
Service Started
PC Tools AntiVirus Free Service Application started
24.09.2010 16:42:02:45
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24.09.2010 16:42:02:215
IntelliGuards status
All IntelliGuards were Enabled
24.09.2010 16:42:18:199
Immunizer Results
ActiveX section has been immunized. No items were processed.
24.09.2010 16:55:02:342
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
24.09.2010 17:08:46:686
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
25.09.2010 13:50:00:585
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 13:50:00:585
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 13:51:51:522
Scan Started
Scan Type - Full Scan
25.09.2010 13:51:52:918
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com
25.09.2010 13:51:53:566
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com
25.09.2010 13:51:53:711
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 13:51:54:644
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com
25.09.2010 16:28:54:348
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 16:28:54:348
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 16:29:03:802
Scan Started
Scan Type - Full Scan
25.09.2010 17:11:15:668
Scan Finished
Scan Type - Full Scan
Items Processed - 154237
Threats Detected - 0
Infections Detected - 0
25.09.2010 17:11:19:942
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
25.09.2010 17:13:37:590
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 17:13:37:590
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 17:13:37:720
IntelliGuards status
All IntelliGuards were Enabled
25.09.2010 17:13:39:770
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 17:22:46:531
Scan Started
Scan Type - Full Scan
25.09.2010 17:24:03:750
Smart Update
Smart Update has successfully installed new updates.
25.09.2010 17:24:05:726
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 18:00:09:971
Scheduled Scan Skipped
Scheduled task Intelli-Scan of this computer skipped - another scan is already running.
25.09.2010 18:58:04:974
Scan Finished
Scan Type - Full Scan
Items Processed - 179581
Threats Detected - 0
Infections Detected - 0
25.09.2010 20:08:20:657
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 20:08:20:657
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 20:08:23:164
IntelliGuards status
All IntelliGuards were Enabled
25.09.2010 20:08:25:232
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 20:13:10:632
Scan Started
Scan Type - Full Scan
25.09.2010 20:13:11:596
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 20:25:24:11
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
25.09.2010 21:12:06:382
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 22:15:10:454
Scan Finished
Scan Type - Full Scan
Items Processed - 363540
Threats Detected - 2
Infections Detected - 2
25.09.2010 23:17:00:632
Infection quarantined
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 23:17:00:672
Infection cleaned
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 23:17:00:769
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 23:17:03:419
Infections Quarantined/Removed Summary
Quarantined - 1
Quarantine Failed - 0
Removed - 2
Remove Failed - 0
26.09.2010 00:20:14:613
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 16:00:15:858
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 16:00:15:858
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 16:00:15:994
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 16:00:20:716
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 16:18:10:727
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
26.09.2010 16:42:40:324
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 18:06:53:7
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 18:06:53:7
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 18:06:53:261
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 18:07:11:49
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 18:25:25:891
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
26.09.2010 19:26:11:759
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 20:25:17:525
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 20:25:17:525
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 20:25:17:805
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 20:25:31:590
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 20:37:30:978
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date

#7
/// Winkelfunktion /// TB-Süch-Tiger™

Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop.

#8

OK, I did everything as described. OTL files:

Code:
OTL logfile created on: 27.09.2010 14:07:34 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,15 Gb Free Space | 47,58% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,65 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 931,51 Gb Total Space | 669,33 Gb Free Space | 71,85% Space Free | Partition Type: NTFS

Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation)
PRC - C:\Windows\vspc1030.exe (Sonix)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe (Sitecom Europe BV)

========== Modules (SafeList) ==========

MOD - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\System32\drivers\spc1030.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- D:\Bearbeitungsprogramme\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net) DRV - (MicNgTun) -- C:\Windows\System32\drivers\MicNgTun.sys (Micronas GmbH) DRV - (MicNgCap) -- C:\Windows\System32\drivers\MicNgCap.sys (Micronas GmbH) DRV - (MicNgBas) -- C:\Windows\System32\drivers\MicNgBas.sys (Micronas GmbH) DRV - (ZD1211U(Sitecom)) Sitecom Wireless Network USB Adapter Driver(Sitecom) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:25:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:25:19 | 000,000,000 | ---D | M] [2009.03.05 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Extensions [2010.09.27 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions [2010.09.25 17:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.24 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4} [2010.02.24 15:52:21 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2010.02.24 15:52:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2009.09.23 19:33:53 | 000,002,171 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\bing.xml [2010.04.27 09:50:20 | 000,000,931 | ---- | M] () -- 
C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\conduit.xml [2010.01.01 20:55:34 | 000,002,055 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\daemon-search.xml [2010.09.22 19:32:04 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-1.xml [2009.08.13 08:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-2.xml [2009.09.13 15:28:00 | 000,000,961 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-3.xml [2009.06.22 08:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin.xml [2010.09.18 18:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009.03.11 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2010.09.18 18:25:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.18 18:25:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.18 18:25:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.18 18:25:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.18 18:25:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.18 14:37:22 | 000,000,818 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.208.105.171 gs.apple.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - 
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix) O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - 
C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - 
C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.12.25 14:43:30 | 000,000,067 | ---- | M] () - Q:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found O33 - 
MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.27 14:03:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe [2010.09.27 13:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.27 13:59:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.27 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.25 17:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader [2010.09.23 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Music Files Finder [2010.09.20 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.09.20 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.09.20 15:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.09.20 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.09.19 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\iPod Photo Cache [2010.09.19 22:07:37 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\Ipod Bilder [2010.09.18 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\ProgSense [2010.09.17 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Adobe [2010.09.17 23:27:12 | 000,000,000 | ---D | C] -- 
C:\ProgramData\FLEXnet [2010.09.17 23:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr [2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182 [2010.09.17 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Download Manager [2010.09.17 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Deskto [2010.09.16 14:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2010.09.16 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Ableton [2010.09.16 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Ableton [2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Notepad++ [2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2010.09.02 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009.02.05 15:53:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.27 14:12:15 | 004,980,736 | ---- | M] () -- C:\Users\Zandy\NTUSER.DAT [2010.09.27 14:10:24 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job [2010.09.27 14:03:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe [2010.09.27 14:01:06 | 001,491,156 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.27 14:01:06 | 000,656,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.27 14:01:06 | 000,614,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.27 14:01:06 | 000,121,228 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.27 
14:01:06 | 000,108,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.27 13:56:49 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.27 13:55:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.27 13:55:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.27 13:55:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.27 13:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.27 13:55:15 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2010.09.26 21:40:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.26 21:40:41 | 002,976,619 | -H-- | M] () -- C:\Users\Zandy\AppData\Local\IconCache.db [2010.09.26 21:20:44 | 001,579,830 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg [2010.09.26 21:05:38 | 003,052,111 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG [2010.09.26 20:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.26 14:51:19 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010.09.25 17:16:51 | 000,111,616 | ---- | M] () -- C:\Users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.25 17:12:57 | 003,765,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.25 16:28:25 | 000,008,052 | ---- | M] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat [2010.09.25 13:58:54 | 000,004,368 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg [2010.09.25 12:52:00 | 000,168,448 | ---- | M] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 23:41:27 | 001,987,907 | ---- | M] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf [2010.09.24 23:14:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2010.09.20 14:28:21 | 000,009,694 | ---- | M] () -- 
C:\Users\Zandy\Documents\cc_20100920_142816.reg [2010.09.18 18:42:14 | 000,032,738 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg [2010.09.18 14:37:22 | 000,000,818 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.09.04 14:19:46 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.08.31 13:52:19 | 000,001,064 | -H-- | M] () -- C:\Windows\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.26 21:20:34 | 001,579,830 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg [2010.09.25 17:12:11 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys [2010.09.25 13:58:53 | 000,004,368 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg [2010.09.24 23:41:27 | 001,987,907 | ---- | C] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf [2010.09.21 21:45:58 | 003,052,111 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG [2010.09.20 14:28:18 | 000,009,694 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg [2010.09.18 18:42:10 | 000,032,738 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg [2010.05.17 17:49:38 | 000,079,360 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePowerS.dll [2010.05.17 17:49:05 | 000,180,736 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeOptix_ScreenCapS.dll [2010.05.17 17:48:40 | 000,086,528 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeGetSteamS.dll [2010.05.17 17:48:25 | 000,108,544 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePwS.dll [2010.04.20 19:54:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.04.20 18:32:02 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt [2010.04.15 17:45:31 | 000,000,614 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\nt.bat 
[2010.03.30 21:20:22 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys [2010.02.25 20:48:43 | 000,157,184 | -HS- | C] () -- C:\Windows\System32\SCS.dll [2010.01.01 19:53:27 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.09.06 10:31:45 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.03.10 23:58:11 | 000,000,168 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\AVSMediaPlayer.m3u [2009.03.03 20:47:33 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.03.03 20:47:33 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.02.05 15:53:01 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys [2009.02.05 15:53:01 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll [2009.02.05 15:53:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys [2009.02.05 15:53:01 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini [2009.01.19 20:45:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2008.12.09 11:32:06 | 000,028,754 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\UserTile.png [2008.09.20 19:07:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.06.15 19:28:39 | 000,000,628 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\wklnhst.dat [2008.01.02 18:42:57 | 000,008,052 | ---- | C] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat [2007.12.11 12:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2007.12.11 11:54:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.12.04 22:42:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.01 08:21:20 | 000,168,448 | ---- | C] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.30 16:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Zandy\AppData\Local\rx_image.Cache [2007.06.27 03:50:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.05.23 
21:39:26 | 000,000,689 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.23 21:39:26 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.23 13:12:14 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007.05.23 13:12:12 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2007.05.23 13:07:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.19 00:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
< End of report >
Code:
OTL Extras logfile created on: 27.09.2010 14:07:34 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,15 Gb Free Space | 47,58% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,65 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 931,51 Gb Total Space | 669,33 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Zandy\Desktop\Allgemein\BitTorrent\bittorrent.exe" = C:\Users\Zandy\Desktop\Allgemein\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"D:\AirRivals_DE\Launcher.atm" = D:\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- File not found
"D:\AirRivals_DE\Res-Voip\SCVoIP.exe" = D:\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B3A891-60F5-4DCB-B5C4-40859E111C32}" = rport=138 | protocol=17 | dir=out | app=system |
"{0104B14D-5906-4415-822B-EAB1893BEF44}" = lport=138 | protocol=17 | dir=in | app=system |
"{019FF6CB-E9E9-456C-B7D7-4D426BAAA06A}" = lport=5050 | protocol=6 | dir=in | name=5050 |
"{094908A9-4C64-493F-ACC4-4D821C3F2154}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2D9869FE-DAFA-441E-9AED-6A9558BF9344}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{31B860DA-73B5-4EDD-AD7E-9A4C28E974E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{353D86E6-EEBF-4363-A987-1AA4A108596D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{35C20EC4-DCD9-45B8-9363-3916C4BE4116}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4B348D8C-F25F-4DF0-9CA9-0D0E5089FEEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59637524-E8C3-40A3-87CF-F64570690B26}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BBE7987-32AC-4EF6-A0E0-CAB6579D46DB}" = rport=139 | protocol=6 | dir=out | app=system |
"{67CD75F9-2271-4C03-8B32-CFA5D21E96A3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C0027A4-EF84-46A4-92CA-0731201BD356}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6EC81507-C5BE-46EA-8AE5-42D0E4FD68C0}" = lport=13146 | protocol=6 | dir=in | name=azereus |
"{793B1A50-4816-4EC0-973D-3B8EFF5A78A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7B4975F7-FB3F-4111-98EB-179FDD4E5AEF}" = rport=445 | protocol=6 | dir=out | app=system |
"{82A4166F-E314-40DD-A545-5B432F5413A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B7431A9-2BE0-4F39-8414-F30DA3DE39E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8DE40A60-D798-48F4-A153-3793A15FD50E}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8BD2364-3BB7-4E1F-8ACF-F636176028B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD75BEC7-A89D-4A9A-88C0-8A56D6CB0391}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0510FFD-31BD-4013-BA10-CCBF664E19F1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C4F8ABEA-7C0E-49F4-BA72-A7DC38BE971B}" = lport=139 | protocol=6 | dir=in | app=system |
"{D26B66A3-C331-4A18-8E2D-0E116B316EE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC359436-E112-4B1F-82F2-1F5EFA050736}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC402580-9923-48BF-8384-E3ADCCDE65C3}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0037F6F1-2ED5-4758-A051-17534ADA50A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08BA8DA1-E50E-4338-BD57-6D004206509A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C09A92E-317A-49B4-ABE4-ACEB3D7CCEA2}" = dir=in | app=d:\bearbeitungsprogramme\playmovie\pmvservice.exe |
"{1E7B9E66-F410-4A0E-A2B3-C0C2EEC12345}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{246B7977-686F-4DA2-8196-22FF931E54FE}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{302621DD-9CB1-46D1-91A7-80B2DC5DCA8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35519704-ADE4-48A5-85FD-7F294D47CD16}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{3D7BBBCB-C18E-4510-8083-6930FCD3C597}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3E3A4BD3-F48E-4EBB-9F11-AB947392FB2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{416E957D-5107-4071-96D8-0BB207AFE0C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{454AD2B8-0EF2-4CA3-83CC-29132654F184}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{4B049494-498E-4177-B2A3-4000FBFA9021}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{53FAECCC-E85D-46B8-B54E-7DF1BC185EA0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{5412D00E-8A16-4123-88ED-CD6AA22D3F15}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5718ACAF-9DBA-4EE8-B019-33F145E49700}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{611110B8-EE89-4A21-8A2D-5053A5DC207F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{6EEC8F4A-FFFC-4C9E-98E6-FA1E30CC374C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{72E8576F-4E3B-4E2D-8211-E11912D746AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{826B0EDB-35C3-4342-B5E2-6481D15DA55E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{8DF272AA-F8A8-498B-8475-7BFEC2291493}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94525E22-426E-4773-B5FF-9CFC91DFB5B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9DBE8352-2E24-4D17-873F-54B046C4A649}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{A3B4D216-2253-4C53-A46C-4749CDB21994}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AF4CA328-D47A-4200-8B2A-37ACFCF2FAD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B3DCFAE8-4C34-4A69-9B52-84D14D5B2D5E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B8FE0290-2691-4776-A54D-0D777FD29E3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD7E1CB9-2370-4198-A5CF-58651265180B}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{BE8FFDCD-A522-41A9-AAF6-ECFC19C373ED}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{C716D6EE-2123-4A8E-AE23-A79B12FBF6BE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{C852B588-B676-4AF6-B40D-C88F9F4A1E76}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{C9248B30-C2FC-4C22-AF04-EBA0EC6EAB6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9DD64A6-B8C2-4CFA-9EE7-5346473DF6F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAFDCF0A-3BD5-4D62-9EA7-886705B63F88}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{CBB355BB-7F9F-431A-BD40-DED8B265A51E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{D74A9B68-6710-47C6-AA8B-7172A2C595BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1DCE130-9AE8-4B6E-A6F6-DEF37CE93D1A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E8598425-C28A-4D98-8681-1C8ED9393D3F}" = dir=in | app=d:\bearbeitungsprogramme\playmovie\playmovie.exe |
"TCP Query User{0104331B-692C-48A0-BF84-C512EEC82292}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{0A477EC7-C641-4608-9FD6-FC5E49F90E6E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{0F1933EC-9B6F-4A99-B4BD-CF696C3DFFD8}D:\halo 1 mp\haloce.exe" = protocol=6 | dir=in | app=d:\halo 1 mp\haloce.exe |
"TCP Query User{1290680D-7BBB-408C-96DD-E801324C324F}C:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe |
"TCP Query User{1BD25AC1-361A-4F9B-B730-F1A065A01627}Q:\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=q:\css\counter-strike source\hl2.exe |
"TCP Query User{236B5E77-B703-4EDF-BFFA-A84DB66322F6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{3DB97748-4353-45E5-960E-832E7E3A3FA8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{3FD9ECE9-2448-4656-8273-203C8D4D7995}D:\sniper\sniper elite\sniperelite.exe" = protocol=6 | dir=in | app=d:\sniper\sniper elite\sniperelite.exe |
"TCP Query User{41CC5285-8594-45D7-BFCD-F2A5E60ED7ED}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{44858294-7D0A-41D1-90B1-CD375AE6388B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5CCA4F48-6DC8-4629-992F-83652782F967}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{614F1BD6-42A4-485F-B305-5DB22E57D5D0}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{6C988A3C-433E-4BAE-BF35-2DEA4257CB89}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"TCP Query User{6F87A5C4-35E6-4C5A-B774-DEBE9F4BB11A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{6FE46B79-6652-426D-B3E5-E8868A14F8C5}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{747612FE-B0FD-4380-92A2-E4F603ACFA3B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{74D22B22-0777-41A9-98A8-697A99A123A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{85CF08CE-B4C4-4B9E-AAAA-A527E385B164}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{8678D507-865D-41D1-B72A-BEC530C6B3DE}C:\users\zandy\downloads\halo\haloce.exe" = protocol=6 | dir=in | app=c:\users\zandy\downloads\halo\haloce.exe |
"TCP Query User{88D46B82-67FC-4C0D-95DB-E84DAEBE8BA6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8B5023F9-A317-4D02-9F91-A9B3D21481EC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9A7E8807-0E45-4EAC-BC6B-1D35DD8879DB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A4F53370-0BBD-4E21-B13C-C7F2D05D0F35}D:\need for speed\nfs.exe" = protocol=6 | dir=in | app=d:\need for speed\nfs.exe |
"TCP Query User{AD952BE4-E8E1-43B1-9434-433622534F17}Q:\cs 1.6\hl.exe" = protocol=6 | dir=in | app=q:\cs 1.6\hl.exe |
"TCP Query User{B44B4CCA-E5CD-47DB-ADAE-0DECDC5609EC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BF56FD46-B7E2-4294-AD12-3E99608C0A2F}D:\bearbeitungsprogramme\loadhack\routerclient.exe" = protocol=6 | dir=in | app=d:\bearbeitungsprogramme\loadhack\routerclient.exe |
"TCP Query User{E1047DB5-342A-45B4-8562-312B3D2D5298}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{F126F394-586E-47D5-891F-CFA174224650}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F950DD31-0EF6-4891-9ABE-AF088477F7CB}C:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe |
"TCP Query User{FD8DBA90-91D9-409B-BC0D-5AEFB898AE9A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0C247432-04D7-4707-9295-7CE29ABE7385}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1425068E-C074-41AA-8985-2452528E17B1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{15041823-475F-4C85-AC4E-8E9BB7CE3450}Q:\cs 1.6\hl.exe" = protocol=17 | dir=in | app=q:\cs 1.6\hl.exe |
"UDP Query User{18EC5E5B-8F12-4158-931A-7FD2BBA084EB}C:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe |
"UDP Query User{201CECF7-61A5-49C6-BA2C-772B234E3ECE}D:\sniper\sniper elite\sniperelite.exe" = protocol=17 | dir=in | app=d:\sniper\sniper elite\sniperelite.exe |
"UDP Query User{27CC196D-6C95-4050-A374-C1DB6C1C334B}D:\need for speed\nfs.exe" = protocol=17 | dir=in | app=d:\need for speed\nfs.exe |
"UDP Query User{2CC72417-5567-4385-A059-49401B802D5A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{43E803C5-93B3-4C36-9AC9-3E2B39864976}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{4C5C2E2D-D415-4B03-9E38-D430ECA21AA5}D:\bearbeitungsprogramme\loadhack\routerclient.exe" = protocol=17 | dir=in | app=d:\bearbeitungsprogramme\loadhack\routerclient.exe |
"UDP Query User{73CFF006-447C-4F2D-8ED1-FFB8FAF3451C}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{960E48F2-FF8A-41B9-9891-A178A94F7109}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{AD03769E-A394-43F7-B2D3-5C52908A3438}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{AF65371D-F6BD-4DDE-8AF2-F2A392BEE142}D:\halo 1 mp\haloce.exe" = protocol=17 | dir=in | app=d:\halo 1 mp\haloce.exe |
"UDP Query User{BF115C25-8099-45E3-A60F-DDF649A953A7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C72D9B26-005A-4F83-A90D-DA88E92968F6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C773F02D-BAD9-4C8B-82F6-86A5047C6C77}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CABD8817-5C6F-4B50-9CC1-86792876A87B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CB1FFA80-09A3-46B5-9E14-663ADF8F4B03}C:\users\zandy\downloads\halo\haloce.exe" = protocol=17 | dir=in | app=c:\users\zandy\downloads\halo\haloce.exe |
"UDP Query User{CBDB7A5F-730B-4101-BB92-E1E6B3F4DF78}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D0DCD784-BC2B-4651-A787-60CF4016863F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{D14C7B62-1635-431C-8AAF-90943DFD5E6B}Q:\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=q:\css\counter-strike source\hl2.exe |
"UDP Query User{D948BBBA-B79D-4E3F-95FC-CE8AD92C22A9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DF291E2E-1199-438F-BD04-1C5AA8EAD9AA}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"UDP Query User{EA20067D-6D70-4395-B32F-A027D1B31CB0}C:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe |
"UDP Query User{F5542E76-F618-47E2-B841-E62E13499F31}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{F832C6D6-25AD-442E-867F-3A85BD916708}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{F8CF76FC-166F-4DB8-9B34-A5A363B6A4C4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{FB2CD881-3CDB-47D5-BD79-7D35B223C7C5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{FE0EDA0B-BAD7-4B14-92F1-C12F1C8F7327}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1491FF84-E32E-AA9C-C511-777375B77766}" = Catalyst Control Center Localization German
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D78B2E-7160-ABD1-0963-446FB828D1C3}" = Catalyst Control Center Graphics Previews Vista
"{1F649FD8-7201-FD89-F792-1B7D0C36A57C}" = Catalyst Control Center Graphics Previews Common
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CAFEE26-C4AF-6349-6D99-8B5230F47F5E}" = Skins
"{3F750653-FC3C-45A0-5304-615D63C74D07}" = Catalyst Control Center Core Implementation
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43F5AB70-4EDE-4AE8-A5DC-1C8C78868AFF}" = Sitecom Wireless Network USB Adapter 54G WL-113
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{479DCD93-4372-B11C-B727-D1D9A7AE344F}" = ccc-utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55FC05BC-5022-F24B-6309-FD5A95208F94}" = Catalyst Control Center Graphics Full Existing
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5623DF-7951-4D32-8897-73E0A6BC2AA7}" = Samsung PC Studio
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BECDEE0-7126-4F9B-8BE4-E72AEA79571B}" = ArcSoft WebCam Companion 2
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = MyDVD-VR Recorder
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8F371CCB-7EB9-DEE8-82F4-424A148F7DDB}" = CCC Help German
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7D9D2E0-8051-4FCD-DA16-5E44A5B89495}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACC901CB-12A9-4252-8535-4020803CD819}" = Sprachtrainer Découvertes 2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C441197D-F750-4EFE-B3EC-885684D923DB}" = Sprachtrainer Découvertes 3
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD763478-5961-4022-961A-9FB3EA00038A}" = StarOffice 8
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE7A421-E272-FCEA-381A-ED4AACCAA165}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E75055E0-085C-BD62-CD52-2398F3E84A86}" = Catalyst Control Center Graphics Full New
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D5EED1-EB69-421C-A314-8998CA574C51}" = Philips SPC1030NC Webcam
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"10F7630C78CC9B1F315B5FA216ECB493C3ACD3E5" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (06/02/2008 1.0.5.12)
"45BC8B5D6014058D45855440C588F87C62D70673" = Windows-Treiberpaket - Philips (SPC1030) Image (06/11/2008 5.8.8.042)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free Studio_is1" = Free Studio version 4.8
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = Sonic MyDVD-VR
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"Spyware Doctor" = PC Tools AntiVirus Free
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4702
Windows 6.0.6000
Internet Explorer 7.0.6000.16916
27.09.2010 16:13:17
mbam-log-
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308146
Laufzeit: 2 Stunde(n), 2 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (Hacked by Godzilla) Good: (Internet Explorer) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\System32\SCS.dll (Trojan.Dropper.PGen) -> No action taken.
D:\Bearbeitungsprogramme\loadhack\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> No action taken.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> No action taken.
C:\Users\Zandy\AppData\Local\Temp\0.5170452955694216.exe (Trojan.Dropper) -> No action taken.
#9
PC won't shut down, programs hang, etc.
Code:
ComboFix 10-09-28.03 - Zandy 29.09.2010 16:27:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.1963 [GMT 2:00]
ausgeführt von:: c:\users\Zandy\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
C:\start
c:\users\Zandy\AppData\Roaming\Aqdizi
c:\users\Zandy\AppData\Roaming\Aqdizi\ezoq.muu
c:\users\Zandy\AppData\Roaming\Desktopicon
c:\users\Zandy\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Zandy\AppData\Roaming\Desktopicon\uninst.exe
Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-29 ))))))))))))))))))))))))))))))
.
2010-09-29 14:39 . 2010-09-29 14:40 -------- d-----w- c:\users\Zandy\AppData\Local\temp
2010-09-29 12:53 . 2010-09-29 12:53 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-09-28 19:42 . 2010-09-28 19:42 -------- d-----w- C:\_OTL
2010-09-28 13:42 . 2010-09-28 13:48 -------- d-----w- c:\users\Zandy\AppData\Roaming\FreeScreenToVideo
2010-09-28 13:42 . 2010-09-28 13:42 -------- d-----w- c:\program files\Free Screen To Video
2010-09-27 11:59 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 11:59 . 2010-09-27 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 11:59 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-25 15:33 . 2010-09-25 15:33 -------- d-----w- c:\program files\Orbitdownloader
2010-09-23 13:10 . 2010-09-25 11:59 -------- d-----w- c:\program files\Duplicate Music Files Finder
2010-09-20 13:02 . 2010-09-20 13:02 -------- d-----w- c:\program files\iPod
2010-09-20 13:02 . 2010-09-20 13:03 -------- d-----w- c:\program files\iTunes
2010-09-20 13:00 . 2010-09-20 13:00 -------- d-----w- c:\program files\Apple Software Update
2010-09-20 13:00 . 2010-09-20 13:00 -------- d-----w- c:\program files\Bonjour
2010-09-18 16:25 . 2010-09-18 16:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\ProgSense
2010-09-17 21:27 . 2010-09-17 21:43 -------- d-----w- c:\programdata\FLEXnet
2010-09-17 21:20 . 2010-09-17 21:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-17 19:25 . 2010-09-17 19:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\Download Manager
2010-09-17 15:05 . 2010-09-17 15:05 -------- d-----w- c:\users\Zandy\Deskto
2010-09-17 06:35 . 2010-09-16 15:20 28048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasdlta.vdm
2010-09-17 06:35 . 2010-09-17 06:35 12300688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasbase.vdm
2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\programdata\Ableton
2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\users\Zandy\AppData\Roaming\Ableton
2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\users\Zandy\AppData\Roaming\Notepad++
2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\program files\Notepad++
2010-09-02 18:42 . 2010-09-02 18:43 -------- d-----w- c:\program files\QuickTime
2010-09-01 07:12 . 2010-09-01 07:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 14:33 . 2006-11-02 15:33 656262 ----a-w- c:\windows\system32\perfh007.dat
2010-09-29 14:33 . 2006-11-02 15:33 121228 ----a-w- c:\windows\system32\perfc007.dat
2010-09-29 14:24 . 2010-02-16 15:35 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-29 14:18 . 2008-09-20 17:02 -------- d-----w- c:\users\Zandy\AppData\Roaming\Skype
2010-09-29 14:18 . 2008-09-20 17:07 -------- d-----w- c:\users\Zandy\AppData\Roaming\skypePM
2010-09-29 13:11 . 2009-03-07 16:18 -------- d-----w- c:\users\Zandy\AppData\Roaming\Orbit
2010-09-28 13:57 . 2009-09-06 08:31 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-25 15:16 . 2007-11-30 12:49 111616 ----a-w- c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 14:59 . 2009-09-26 21:56 -------- d-----w- c:\program files\TeamViewer
2010-09-25 14:57 . 2008-12-14 11:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-09-25 14:28 . 2008-01-02 16:42 8052 ----a-w- c:\users\Zandy\AppData\Local\d3d9caps.dat
2010-09-25 11:52 . 2009-11-30 14:33 -------- d-----w- c:\program files\trend micro
2010-09-24 21:14 . 2010-03-03 20:48 0 ----a-w- c:\windows\system32\Access.dat
2010-09-24 15:05 . 2010-04-12 13:08 -------- d-----w- c:\program files\JDownloader
2010-09-21 19:16 . 2010-04-15 15:45 -------- d-sh--r- c:\users\Zandy\AppData\Roaming\dx10ac
2010-09-20 13:02 . 2009-01-30 21:42 -------- d-----w- c:\program files\Common Files\Apple
2010-09-17 21:24 . 2007-05-23 12:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-17 21:06 . 2010-04-01 19:48 -------- d-----w- c:\program files\Ask.com
2010-09-14 18:21 . 2010-07-08 15:04 -------- d-----w- c:\users\Zandy\AppData\Roaming\PhotoScape
2010-09-14 14:41 . 2007-12-01 21:15 582544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm
2010-09-13 15:08 . 2009-02-05 13:57 -------- d-----w- c:\programdata\ArcSoft
2010-09-13 15:08 . 2007-05-23 11:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-13 15:07 . 2009-02-06 14:16 2564863 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-09-11 19:23 . 2007-11-30 14:50 -------- d-----w- c:\users\Zandy\AppData\Roaming\dvdcss
2010-09-06 17:56 . 2008-02-17 09:00 -------- d-----w- c:\users\Zandy\AppData\Roaming\StarOffice8
2010-09-04 12:19 . 2009-09-06 08:31 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-30 20:19 . 2007-05-23 11:09 -------- d-----w- c:\program files\Roxio
2010-08-28 16:20 . 2009-02-05 13:57 -------- d-----w- c:\program files\ArcSoft
2010-08-28 16:19 . 2009-07-13 15:31 -------- d-----w- c:\program files\ElcomSoft
2010-08-28 16:19 . 2008-09-20 17:01 -------- d-----r- c:\program files\Skype
2010-08-28 16:17 . 2010-06-17 20:30 -------- d-----w- c:\program files\thriXXX
2010-08-27 13:57 . 2007-05-23 11:09 -------- d-----w- c:\programdata\Roxio
2010-08-24 18:44 . 2010-05-11 16:15 -------- d-sh--w- c:\users\Zandy\AppData\Roaming\lowsec
2010-08-24 13:00 . 2007-12-01 21:15 12120464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm
2010-08-05 21:05 . 2009-03-03 20:42 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-11 17:38 . 2010-04-24 20:00 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 17:38 . 2010-07-11 17:38 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 17:22 . 2010-04-24 20:03 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 17:22 . 2010-04-24 20:03 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
.
------- Sigcheck -------
[-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
"userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe
"Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=c:\users\Zandy\AppData\Roaming\netssh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"spc1030"=c:\windows\vspc1030.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]
2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51]
2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {38C40A29-A3EC-4951-93B1-95FA03AA6BE0} = 192.168.178.1,192.168.178.2
TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2
TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2
TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2
FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-BMIMZMHMFM - c:\users\Zandy\AppData\Local\Temp\Rcx.exe
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-29 16:39
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12,
f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\
"rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(836)
c:\windows\System32\guard32.dll
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2010-09-29 16:45:18
ComboFix-quarantined-files.txt 2010-09-29 14:45
Vor Suchlauf: 14 Verzeichnis(se), 56.898.908.160 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 56.724.508.672 Bytes frei
- - End Of File - - FCFE09711B073FE17FA14EB365969841
There were a few teething problems, but in the end it ran wonderfully. |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | D:\Bearbeitungsprogramme\loadhack\ocr\netload.in\asmCaptcha\test.exe What's that?
__________________ Please always post log files in CODE tags |
| | #11 |
| Um, that was a program that is similar to JDownloader, but it didn't work ... There could still be a virus in it ... I'll uninstall it / delete the folder |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | You evidently created the OTL logs first and then ran Malwarebytes. I didn't write that the order doesn't matter; I wrote Malwarebytes and then OTL. It's not a problem, though, just create a new OTL.txt
__________________ Please always post log files in CODE tags |
| | #13 |
| Oops. Code:
ATTFilter OTL logfile created on: 28.09.2010 14:25:29 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Zandy\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16916) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,70 Gb Total Space | 53,02 Gb Free Space | 47,47% Space Free | Partition Type: NTFS Drive D: | 111,43 Gb Total Space | 48,67 Gb Free Space | 43,67% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MEINPC Current User Name: Zandy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) 
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\vspc1030.exe (Sonix) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe (Sitecom Europe BV) ========== Modules (SafeList) ========== MOD - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\guard32.dll (COMODO) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found SRV - (RSShutdown) -- D:\hackie\service.exe File not found SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found SRV - (ACPService) -- File not found SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO) DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\System32\drivers\spc1030.sys () DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- D:\Bearbeitungsprogramme\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation) DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio) DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) 
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) 
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net) DRV - (MicNgTun) -- C:\Windows\System32\drivers\MicNgTun.sys (Micronas GmbH) DRV - (MicNgCap) -- C:\Windows\System32\drivers\MicNgCap.sys (Micronas GmbH) DRV - (MicNgBas) -- C:\Windows\System32\drivers\MicNgBas.sys (Micronas GmbH) DRV - (ZD1211U(Sitecom)) Sitecom Wireless Network USB Adapter Driver(Sitecom) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:25:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:25:19 | 000,000,000 | ---D | M] [2009.03.05 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Extensions [2010.09.27 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions [2010.09.25 17:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.24 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4} [2010.02.24 15:52:21 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2010.02.24 15:52:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2009.09.23 19:33:53 | 000,002,171 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\bing.xml [2010.04.27 09:50:20 | 000,000,931 | ---- | M] () -- 
C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\conduit.xml [2010.01.01 20:55:34 | 000,002,055 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\daemon-search.xml [2010.09.22 19:32:04 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-1.xml [2009.08.13 08:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-2.xml [2009.09.13 15:28:00 | 000,000,961 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-3.xml [2009.06.22 08:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin.xml [2010.09.18 18:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009.03.11 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2010.09.18 18:25:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.18 18:25:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.18 18:25:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.18 18:25:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.18 18:25:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.18 14:37:22 | 000,000,818 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.208.105.171 gs.apple.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - 
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix) O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - 
C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - 
C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun O33 - 
MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.28 14:25:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe [2010.09.27 13:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.27 13:59:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.27 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.25 17:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader [2010.09.23 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Music Files Finder [2010.09.20 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.09.20 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.09.20 15:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.09.20 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.09.19 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\iPod Photo Cache [2010.09.19 22:07:37 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\Ipod Bilder [2010.09.18 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\ProgSense [2010.09.17 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Adobe [2010.09.17 23:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010.09.17 23:20:03 | 000,000,000 | ---D | C] -- 
C:\Program Files\Common Files\Macrovision Shared [2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr [2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182 [2010.09.17 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Download Manager [2010.09.17 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Deskto [2010.09.16 14:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2010.09.16 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Ableton [2010.09.16 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Ableton [2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Notepad++ [2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2010.09.02 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009.02.05 15:53:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 14:29:37 | 004,980,736 | ---- | M] () -- C:\Users\Zandy\NTUSER.DAT [2010.09.28 14:25:14 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job [2010.09.28 14:22:45 | 001,491,156 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.28 14:22:45 | 000,656,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.28 14:22:45 | 000,614,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.28 14:22:45 | 000,121,228 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.28 14:22:45 | 000,108,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.28 14:15:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2010.09.28 14:15:22 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.28 14:15:22 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.28 14:15:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.28 14:15:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.28 14:14:53 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2010.09.27 22:27:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.27 22:26:54 | 002,981,557 | -H-- | M] () -- C:\Users\Zandy\AppData\Local\IconCache.db [2010.09.27 21:29:05 | 000,944,535 | ---- | M] () -- C:\Users\Zandy\Desktop\black and wihte.jpg [2010.09.27 21:16:32 | 001,449,872 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg [2010.09.27 14:03:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe [2010.09.26 21:05:38 | 003,052,111 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG [2010.09.26 20:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.26 14:51:19 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010.09.25 17:16:51 | 000,111,616 | ---- | M] () -- C:\Users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.25 17:12:57 | 003,765,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.25 16:28:25 | 000,008,052 | ---- | M] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat [2010.09.25 13:58:54 | 000,004,368 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg [2010.09.25 12:52:00 | 000,168,448 | ---- | M] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 23:41:27 | 001,987,907 | ---- | M] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf [2010.09.24 23:14:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2010.09.20 14:28:21 | 000,009,694 
| ---- | M] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg [2010.09.18 18:42:14 | 000,032,738 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg [2010.09.18 14:37:22 | 000,000,818 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.09.04 14:19:46 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.08.31 13:52:19 | 000,001,064 | -H-- | M] () -- C:\Windows\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.27 21:29:02 | 000,944,535 | ---- | C] () -- C:\Users\Zandy\Desktop\black and wihte.jpg [2010.09.26 21:20:34 | 001,449,872 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg [2010.09.25 17:12:11 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys [2010.09.25 13:58:53 | 000,004,368 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg [2010.09.24 23:41:27 | 001,987,907 | ---- | C] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf [2010.09.21 21:45:58 | 003,052,111 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG [2010.09.20 14:28:18 | 000,009,694 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg [2010.09.18 18:42:10 | 000,032,738 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg [2010.05.17 17:49:38 | 000,079,360 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePowerS.dll [2010.05.17 17:49:05 | 000,180,736 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeOptix_ScreenCapS.dll [2010.05.17 17:48:40 | 000,086,528 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeGetSteamS.dll [2010.05.17 17:48:25 | 000,108,544 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePwS.dll [2010.04.20 19:54:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.04.20 18:32:02 | 000,000,005 | ---- | C] () -- 
C:\ProgramData\DragToDiscUserNameE.txt [2010.04.15 17:45:31 | 000,000,614 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\nt.bat [2010.03.30 21:20:22 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys [2010.01.01 19:53:27 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.09.06 10:31:45 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.03.10 23:58:11 | 000,000,168 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\AVSMediaPlayer.m3u [2009.03.03 20:47:33 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.03.03 20:47:33 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.02.05 15:53:01 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys [2009.02.05 15:53:01 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll [2009.02.05 15:53:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys [2009.02.05 15:53:01 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini [2009.01.19 20:45:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2008.12.09 11:32:06 | 000,028,754 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\UserTile.png [2008.09.20 19:07:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.06.15 19:28:39 | 000,000,628 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\wklnhst.dat [2008.01.02 18:42:57 | 000,008,052 | ---- | C] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat [2007.12.11 12:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2007.12.11 11:54:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.12.04 22:42:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.01 08:21:20 | 000,168,448 | ---- | C] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.30 16:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Zandy\AppData\Local\rx_image.Cache [2007.06.27 03:50:58 | 000,159,744 | ---- | C] () -- 
C:\Windows\System32\atitmmxx.dll [2007.05.23 21:39:26 | 000,000,689 | ---- | C] () -- C:\Windows\generic.ini [2007.05.23 21:39:26 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.05.23 13:12:14 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL [2007.05.23 13:12:12 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini [2007.05.23 13:07:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.05.19 00:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D @Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD < End of report > |
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) -- File not found
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
[2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr
[2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
| | #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please try it again |