[Wichtig] critical error hard drive not found und die anderen Übeltäter

Carbonas · 14.04.2011, 04:04

hallo für mich neue Community.
Ich versuche jetzt mal mein Problem zu erläutern.
Als ich etwas gedownloadet habe kam eine Virus meldung, ok habe ich mir gedacht, dann lösche ich diesen Virus und damit hat sich die Sache.
Auf einmal war mein Desktop komplett Schwarz und ALLE Icons, bis auf Papierkorp waren weg.
Nun hab ich ein bisschen über "critical error hard drive not found"
gegooglet und habe gelesen das dies mit 4 oder 5 andere Fehler, die übrigens auch vorkamen, eine "Fake" Meldung ist sprich Trojaner.
Hier, in diesem Forum, habe ich darüber ein bisschen gelesen und habe mir OTL und die Malawareybytes Software runtergeladen. Diese jedoch benutze ich gerade wodurch ich momentan nicht über denn Stand der Dinge posten kann.
Nicht einmal eine DxDiag.txt kann ich erstellen.

Ich hoffe ihr könnt mir meine Seele beruhigen, weil ich etliche, wichtige Daten habe.
Notfalls kann ich denn Pc Plattmachen was sowieso meine Notlösung wäre.

Die OTL sowie die Malwarebytes Berichte werde ich selbstverständlich noch posten.
In diesem Sinne Bye

Edit: Da OTL irgendwie keine Logfiles "ausspuckt" habe ich wenigstens die Malwarebytes Bericht und die ist verherend.
Seht selbst:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6357

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.04.2011 05:10:09
mbam-log-2011-04-14 (05-09-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 263621
Laufzeit: 31 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 126
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 27
Infizierte Dateien: 44

Infizierte Speicherprozesse:
c:\program files\scanquery\scanquery.exe (Adware.Agent.Gen) -> 1936 -> No action taken.

Infizierte Speichermodule:
c:\program files\scanquery\scanquery.dll (Adware.Agent.Gen) -> No action taken.
c:\Users\***\AppData\Local\wlnlupc.dll (Trojan.Hiloti) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.
c:\Users\***\AppData\Local\oxavomado.dll (Trojan.Agent.U) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanQuery (Adware.ScanQuery) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Khumeqal (Trojan.Hiloti) -> Value: Khumeqal -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EdCcYBPEqSpTN (Trojan.FakeAlert) -> Value: EdCcYBPEqSpTN -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790773B2765C5433AB93 (Malware.Trace) -> Value: SRS_IT_E8790773B2765C5433AB93 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sbavefubemobel (Trojan.Agent.U) -> Value: Sbavefubemobel -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> No action taken.
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
c:\Users\***\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\Users\***\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0 (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> No action taken.
c:\program files\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64} (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults\preferences (Adware.ScanQuery) -> No action taken.
c:\program files\scanquery (Adware.ScanQuery) -> No action taken.
c:\programdata\scanquery (Adware.ScanQuery) -> No action taken.

Infizierte Dateien:
c:\program files\scanquery\scanquery.dll (Adware.Agent.Gen) -> No action taken.
c:\program files\scanquery\scanquery.exe (Adware.Agent.Gen) -> No action taken.
c:\Users\***\AppData\Local\wlnlupc.dll (Trojan.Hiloti) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.
c:\programdata\edccybpeqsptn.exe (Trojan.FakeAlert) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> No action taken.
c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\program files\scanquery\uninstall.exe (Adware.ScanQuery) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> No action taken.
c:\programdata\29810440.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\***\AppData\Local\Temp\swaxnmecro.exe (Trojan.Hiloti) -> No action taken.
c:\Users\***\downloads\xvidsetup(2).exe (Adware.Hotbar) -> No action taken.
c:\Users\***\AppData\Local\Temp\0.17335943997569003.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.
c:\Users\***\AppData\Local\oxavomado.dll (Trojan.Agent.U) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome.manifest (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\install.rdf (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome\scanquery.jar (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> No action taken.

Ich habe sofort alles Entfernt und werde wieder einen Scann rüberlaufen lassen

Nun endlich konnte ich doch eine OTL datei erstellen
Hier:

Zitat:

OTL logfile created on: 14.04.2011 05:16:58 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 396,64 Gb Free Space | 85,16% Space Free | Partition Type: NTFS
Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.14 04:51:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011.04.14 04:05:56 | 000,172,032 | -H-- | M] () -- C:\Users\***\AppData\Local\Temp\Fht.exe
PRC - [2011.04.14 04:05:53 | 000,158,720 | -H-- | M] () -- C:\Windows\Fjitua.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | -H-- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | -H-- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.25 14:30:56 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.16 23:14:05 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.13 09:39:27 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | -H-- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 05:17:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.04.24 02:10:54 | 000,209,768 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.04.24 02:10:44 | 000,483,688 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

========== Modules (SafeList) ==========

MOD - [2011.04.14 04:51:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
MOD - [2010.11.20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.03.28 15:41:12 | 001,242,504 | -H-- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.16 23:14:05 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.07 20:48:56 | 000,378,984 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.13 09:39:27 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.10 07:36:00 | 003,648,584 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.12.07 12:32:02 | 002,228,008 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.04.24 02:10:54 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 02:10:44 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.07.16 18:04:16 | 000,316,664 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011.03.16 23:14:05 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.08 05:27:00 | 010,467,656 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.12.13 09:39:38 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 05:30:16 | 000,175,360 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 05:30:16 | 000,040,704 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 05:30:16 | 000,028,032 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:14:46 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 02:14:42 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.24 02:10:54 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.04.24 02:10:52 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.04.24 02:10:50 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.04.24 02:10:44 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.07.14 00:02:52 | 000,347,264 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.19 20:31:56 | 000,277,544 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 70 EF D1 68 DB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de

fficial"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {03CAE00B-981A-482D-8915-72FD4E3EF2B1}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.04 11:22:07 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.04 11:22:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}: C:\Users\***\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1} [2011.04.14 04:07:35 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 14:30:58 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.14 03:47:30 | 000,000,000 | -H-D | M]

[2010.12.30 20:45:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011.04.14 04:22:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions
[2011.01.03 06:12:14 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.01 21:16:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2011.03.17 16:23:20 | 000,000,000 | -H-D | M] (Battlefield Play4Free) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\battlefieldplay4free@ea.com
[2011.01.22 02:33:01 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\eafo3fflauncher@ea.com
[2011.01.01 21:16:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\engine@conduit.com
[2011.02.19 16:29:57 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\firefox@tvunetworks.com
[2011.04.11 21:55:16 | 000,001,056 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\searchplugins\icqplugin.xml
[2011.04.14 05:15:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.04 11:22:07 | 000,000,000 | -H-D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.04 11:22:08 | 000,000,000 | -H-D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.04.14 04:07:35 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
[2010.12.30 21:03:30 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.05 16:50:02 | 000,001,392 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 16:50:02 | 000,002,344 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.05 16:50:02 | 000,006,805 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.05 16:50:02 | 000,001,178 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.05 16:50:02 | 000,001,105 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [0ESKOMO9JO] C:\Users\***\AppData\Local\Temp\Fht.exe ()
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.14 04:33:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.04.14 04:33:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.14 04:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.14 04:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.14 04:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.14 04:07:35 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
[2011.04.14 03:49:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011.04.14 03:49:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Xvid
[2011.04.13 21:36:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ZombieDriver
[2011.04.13 21:36:25 | 000,000,000 | -H-D | C] -- C:\Program Files\OpenAL
[2011.04.12 20:36:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Battlefront
[2011.04.12 14:17:53 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.04.10 03:01:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.04.09 14:23:34 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Skyfallen Entertaiment
[2011.04.09 02:27:36 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\NFS SHIFT
[2011.04.08 17:02:48 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.08 14:41:42 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\microsoft
[2011.04.08 14:40:22 | 000,000,000 | -H-D | C] -- C:\Windows\System32\xlive
[2011.04.08 14:40:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011.04.06 14:09:12 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Digitanks
[2011.04.06 14:08:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Digitanks
[2011.04.06 05:36:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Petroglyph
[2011.04.04 23:23:25 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Battlefield 2 Demo
[2011.04.03 03:33:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011.04.03 03:32:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Activision
[2011.04.03 02:37:43 | 000,000,000 | -H-D | C] -- C:\Program Files\TryMedia
[2011.04.03 02:36:22 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infogrames
[2011.04.03 02:36:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2011.04.03 00:30:09 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\UndergroundMt2 2010Client
[2011.04.02 16:42:49 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Instinct2
[2011.03.31 14:52:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Postal 2 Demo
[2011.03.30 22:28:36 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Battlefield 2
[2011.03.30 18:46:37 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\ORDER OF WAR - CHALLENGE (Demo)
[2011.03.29 22:18:24 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.03.29 22:18:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.03.28 15:35:12 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\id Software
[2011.03.23 07:24:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011.03.23 07:24:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Project64 1.6
[2011.03.23 07:23:40 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Videos
[2011.03.22 06:58:38 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Neuer Ordner (3)
[2011.03.21 02:58:43 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\5588
[2011.03.21 02:50:37 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Fotos
[2011.03.20 20:11:28 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Neuer Ordner (2)
[2011.03.20 20:06:45 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2011.03.20 01:24:00 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Migoria-MT2
[2011.03.18 01:29:59 | 000,000,000 | -H-D | C] -- C:\Program Files\PaperPlane
[2011.03.18 00:34:03 | 000,000,000 | -H-D | C] -- C:\Windows\pss
[2011.03.17 17:47:46 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Battlefield Play4Free
[2011.03.17 17:38:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.03.16 23:12:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.03.16 23:12:08 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\ArcaniA - Gothic 4 Demo
[2011.03.15 15:21:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.03.15 15:20:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\NVIDIA
[2011.03.15 15:19:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.03.15 15:19:14 | 015,047,272 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011.03.15 15:19:14 | 013,011,560 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011.03.15 15:19:14 | 010,467,656 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011.03.15 15:19:14 | 010,078,312 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011.03.15 15:19:14 | 004,941,928 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011.03.15 15:19:14 | 002,895,976 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011.03.15 15:19:14 | 002,251,368 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011.03.15 15:19:14 | 001,965,672 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011.03.15 15:19:14 | 000,941,160 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322090.dll
[2011.03.15 15:19:14 | 000,837,736 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322040.dll
[2011.03.15 15:19:14 | 000,057,960 | -H-- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.03.15 15:19:14 | 000,010,920 | -H-- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011.03.15 15:19:06 | 000,000,000 | -H-D | C] -- C:\Program Files\NVIDIA Corporation
[2011.03.15 15:18:47 | 000,000,000 | -H-D | C] -- C:\NVIDIA
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.14 05:15:22 | 000,001,885 | -H-- | M] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2011.04.14 05:14:50 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\kijalx.job
[2011.04.14 05:14:45 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\tvaqvdwe.job
[2011.04.14 05:14:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.14 05:14:37 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.14 04:33:15 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.14 04:30:43 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.14 04:30:43 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.14 04:22:16 | 000,000,400 | -H-- | M] () -- C:\ProgramData\29810440
[2011.04.14 04:19:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~29810440r
[2011.04.14 04:19:49 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~29810440
[2011.04.14 04:14:51 | 000,000,629 | -H-- | M] () -- C:\Users\***\Desktop\Windows Restore.lnk
[2011.04.14 04:11:48 | 000,001,120 | -H-- | M] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2011.04.14 04:07:37 | 000,000,120 | -H-- | M] () -- C:\Users\***\AppData\Local\Nsolalolac.dat
[2011.04.14 04:07:37 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Lcujogiwabafit.bin
[2011.04.14 04:05:53 | 000,158,720 | -H-- | M] () -- C:\Windows\Fjitua.exe
[2011.04.14 04:05:52 | 000,200,704 | RHS- | M] () -- C:\Windows\System32\recoverv.dll
[2011.04.14 04:05:52 | 000,200,704 | RHS- | M] () -- C:\Windows\System32\dnscmmcp.dll
[2011.04.14 03:37:53 | 000,654,372 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.14 03:37:53 | 000,616,254 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.14 03:37:53 | 000,129,986 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.14 03:37:53 | 000,106,376 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.14 02:25:41 | 000,000,670 | -H-- | M] () -- C:\Users\***\Desktop\FIFA 11 - Verknüpfung.lnk
[2011.04.13 21:36:25 | 000,444,952 | -H-- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.13 21:36:25 | 000,109,080 | -H-- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.10 20:40:19 | 000,138,264 | -H-- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.10 20:40:11 | 000,234,768 | -H-- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.09 01:19:59 | 000,001,157 | -H-- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.09 01:19:44 | 000,001,316 | -H-- | M] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.08 12:09:51 | 000,000,214 | -H-- | M] () -- C:\Windows\System32\Script.vbs
[2011.04.06 14:08:54 | 000,000,925 | -H-- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.04 22:03:01 | 000,002,033 | -H-- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
[2011.04.03 03:33:19 | 000,002,002 | -H-- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk
[2011.04.03 03:33:17 | 000,000,324 | -H-- | M] () -- C:\Windows\game.ini
[2011.03.29 22:18:22 | 000,000,856 | -H-- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2011.03.21 15:58:03 | 000,152,064 | -H-- | M] () -- C:\Windows\System32\xvid.ax
[2011.03.20 08:04:03 | 000,000,239 | -H-- | M] () -- C:\Windows\SIERRA.INI
[2011.03.19 23:24:26 | 000,000,080 | -H-- | M] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf
[2011.03.19 17:06:01 | 000,240,640 | -H-- | M] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.19 17:04:28 | 000,650,752 | -H-- | M] () -- C:\Windows\System32\xvidcore.dll
[2011.03.18 07:47:30 | 000,265,640 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.17 17:38:41 | 000,138,056 | -H-- | M] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2011.03.16 23:14:05 | 000,137,656 | -H-- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.14 05:15:22 | 000,001,885 | -H-- | C] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2011.04.14 04:33:15 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.14 04:14:52 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~29810440r
[2011.04.14 04:14:52 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~29810440
[2011.04.14 04:14:51 | 000,000,629 | -H-- | C] () -- C:\Users\***\Desktop\Windows Restore.lnk
[2011.04.14 04:14:48 | 000,000,400 | -H-- | C] () -- C:\ProgramData\29810440
[2011.04.14 04:11:48 | 000,001,120 | -H-- | C] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2011.04.14 04:07:37 | 000,000,120 | -H-- | C] () -- C:\Users\***\AppData\Local\Nsolalolac.dat
[2011.04.14 04:07:37 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Local\Lcujogiwabafit.bin
[2011.04.14 04:06:08 | 000,158,720 | -H-- | C] () -- C:\Windows\Fjitua.exe
[2011.04.14 04:05:52 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\recoverv.dll
[2011.04.14 04:05:52 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\dnscmmcp.dll
[2011.04.14 04:05:52 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\kijalx.job
[2011.04.14 04:05:52 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\tvaqvdwe.job
[2011.04.14 03:49:11 | 000,650,752 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.04.14 03:49:11 | 000,240,640 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.04.14 03:49:11 | 000,152,064 | -H-- | C] () -- C:\Windows\System32\xvid.ax
[2011.04.14 02:25:41 | 000,000,670 | -H-- | C] () -- C:\Users\***\Desktop\FIFA 11 - Verknüpfung.lnk
[2011.04.12 20:41:31 | 000,007,680 | -HS- | C] () -- C:\ProgramData\tiff208img.obj
[2011.04.10 03:01:03 | 000,001,298 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.04.09 01:19:52 | 000,001,157 | -H-- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.04 22:03:01 | 000,002,033 | -H-- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
[2011.04.03 03:33:19 | 000,002,002 | -H-- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk
[2011.03.31 00:27:56 | 000,000,324 | -H-- | C] () -- C:\Windows\game.ini
[2011.03.19 23:24:26 | 000,000,080 | -H-- | C] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf
[2011.03.15 15:19:14 | 000,004,756 | -H-- | C] () -- C:\Windows\System32\nvinfo.pb
[2011.02.24 18:21:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.17 15:48:15 | 000,000,020 | -H-- | C] () -- C:\Windows\mafosav.INI
[2011.02.09 13:03:04 | 000,000,239 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2011.02.07 02:34:41 | 000,000,000 | -H-- | C] () -- C:\Windows\Editor.INI
[2011.01.31 18:20:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.22 02:35:05 | 000,138,264 | -H-- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.22 02:35:04 | 000,138,056 | -H-- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2011.01.22 02:34:44 | 000,234,768 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.22 02:34:26 | 000,794,408 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.01.22 02:34:26 | 000,075,136 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.08 09:13:48 | 000,043,520 | -H-- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.01.04 21:41:25 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010.10.14 01:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 10:47:43 | 000,654,372 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,986 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,254 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,376 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.04.08 17:19:24 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.01.08 09:13:57 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Atari
[2011.02.02 19:38:12 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.04.06 14:11:33 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Digitanks
[2011.01.03 06:12:13 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.04 19:42:16 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.02.05 16:43:04 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader
[2011.03.09 18:34:56 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.04.12 14:49:31 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.04.12 14:17:53 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.01.04 11:22:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Local
[2011.04.06 05:36:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Petroglyph
[2011.01.23 00:33:16 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2011.03.14 05:50:18 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.03.31 18:47:53 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\temp
[2011.02.07 17:41:23 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Thies Gerken
[2011.02.15 08:18:51 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.01.29 18:38:54 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.01.15 03:31:51 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.04.13 21:37:16 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ZombieDriver
[2011.04.14 05:14:50 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\kijalx.job
[2011.02.22 01:05:13 | 000,032,630 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.14 05:14:45 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\tvaqvdwe.job

========== Purity Check ==========

So Edit Nr.3 nach dem 2. Scannen das hier wobei ich dies auch löschen konnte:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6357

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.04.2011 05:52:01
mbam-log-2011-04-14 (05-52-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 263306
Laufzeit: 33 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Was muss ich noch tun, damit alles wieder auf mein Bildschirm etc da ist ??

Carbonas · 14.04.2011, 05:27

Auch wenns mir leid tut, das ich ein Doppelpost mache muss ich jedoch noch was hinzufügen, nämilich HiJackThis:
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:24:58, on 14.04.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\Fjitua.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\AppData\Local\Temp\Fht.exe
C:\Users\***\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [0ESKOMO9JO] C:\Users\***\AppData\Local\Temp\Fht.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 5433 bytes

--- --- ---

So nun aber zu mein allerletzten Edit: Es ist mir Tatsächlich gelungen, eine DxDiag.txt zu erstellen:

Zitat:

------------------
System Information
------------------
Time of this report: 4/14/2011, 06:36:41
Machine name: ***-PC
Operating System: Windows 7 Professional 32-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_rtm.101119-1850)
Language: German (Regional Setting: German)
System Manufacturer: HP-Pavilion
System Model: GG652AA-ABD a6117.de
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (2 CPUs), ~2.3GHz
Memory: 2048MB RAM
Available OS Memory: 2046MB RAM
Page File: 1212MB used, 2880MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: Using System DPI
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
DxDiag Version: 6.01.7601.17514 32bit Unicode

------------
DxDiag Notes
------------
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Sound Tab 2: No problems found.
Sound Tab 3: No problems found.
Input Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (retail)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (retail)
DirectMusic: 0/5 (retail)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: NVIDIA GeForce 8400 GS
Manufacturer: NVIDIA
Chip type: GeForce 8400 GS
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_0422&SUBSYS_050A1043&REV_A1
Display Memory: 1010 MB
Dedicated Memory: 243 MB
Shared Memory: 767 MB
Current Mode: 1280 x 1024 (32 bit) (60Hz)
Monitor Name: PnP-Monitor (Standard)
Monitor Model: SyncMaster
Monitor Id: SAM0258
Native Mode: 1280 x 1024(p) (60.020Hz)
Output Type: HD15
Driver Name: nvd3dum.dll,nvwgf2um.dll,nvwgf2um.dll
Driver File Version: 8.17.0012.6658 (English)
Driver Version: 8.17.12.6658
DDI Version: 10
Driver Model: WDDM 1.1
Driver Attributes: Final Retail
Driver Date/Size: 1/8/2011 05:27:00, 10078312 bytes
WHQL Logo'd: Yes
WHQL Date Stamp:
Device Identifier: {D7B71E3E-4762-11CF-F169-06251FC2C535}
Vendor ID: 0x10DE
Device ID: 0x0422
SubSys ID: 0x050A1043
Revision ID: 0x00A1
Driver Strong Name: oem4.inf:NVIDIA_SetA_Devices.NTx86.6.1:Section005:8.17.12.6658

ci\ven_10de&dev_0422
Rank Of Driver: 00E62001
Video Accel: ModeMPEG2_A ModeMPEG2_C ModeVC1_C ModeWMV9_C
Deinterlace Caps: {6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(IMC1,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(IMC1,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC1,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(IMC2,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(IMC2,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC2,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(IMC3,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(IMC3,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC3,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(IMC4,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(IMC4,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC4,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(S340,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(S340,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S340,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(S340,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(S342,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{F9F19DA5-3B09-4B2F-9D89-C64753E3EAAB}: Format(In/Out)=(S342,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S342,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(S342,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=
D3D9 Overlay: Supported
DXVA-HD: Supported
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled

-------------
Sound Devices
-------------
Description: Kopfhörer (High Definition Audio-Gerät)
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A58&REV_1001
Manufacturer ID: 1
Product ID: 65535
Type: WDM
Driver Name: HdAudio.sys
Driver Version: 6.01.7601.17514 (German)
Driver Attributes: Final Retail
WHQL Logo'd: Yes
Date and Size: 11/20/2010 03:00:22, 304128 bytes
Other Files:
Driver Provider: Microsoft
HW Accel Level: Basic
Cap Flags: 0xF1F
Min/Max Sample Rate: 100, 200000
Static/Strm HW Mix Bufs: 1, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No

Description: Digitalaudio (S/PDIF) (High Definition Audio-Gerät)
Default Sound Playback: No
Default Voice Playback: No
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A58&REV_1001
Manufacturer ID: 1
Product ID: 65535
Type: WDM
Driver Name: HdAudio.sys
Driver Version: 6.01.7601.17514 (German)
Driver Attributes: Final Retail
WHQL Logo'd: Yes
Date and Size: 11/20/2010 03:00:22, 304128 bytes
Other Files:
Driver Provider: Microsoft
HW Accel Level: Basic
Cap Flags: 0xF1F
Min/Max Sample Rate: 100, 200000
Static/Strm HW Mix Bufs: 1, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No

Description: Digitalaudio (HDMI) (High Definition Audio-Gerät)
Default Sound Playback: No
Default Voice Playback: No
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A58&REV_1001
Manufacturer ID: 1
Product ID: 65535
Type: WDM
Driver Name: HdAudio.sys
Driver Version: 6.01.7601.17514 (German)
Driver Attributes: Final Retail
WHQL Logo'd: Yes
Date and Size: 11/20/2010 03:00:22, 304128 bytes
Other Files:
Driver Provider: Microsoft
HW Accel Level: Basic
Cap Flags: 0xF1F
Min/Max Sample Rate: 100, 200000
Static/Strm HW Mix Bufs: 1, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No

---------------------
Sound Capture Devices
---------------------
Description: Mikrofon (High Definition Audio-Gerät)
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: HdAudio.sys
Driver Version: 6.01.7601.17514 (German)
Driver Attributes: Final Retail
Date and Size: 11/20/2010 03:00:22, 304128 bytes
Cap Flags: 0x1
Format Flags: 0xFFFFF

-------------------
DirectInput Devices
-------------------
Device Name: Maus
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Tastatur
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Microsoft Wireless Optical Desktop® 1.00
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x045E, 0x005F
FF Driver: n/a

Device Name: Microsoft Wireless Optical Desktop® 1.00
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x045E, 0x005F
FF Driver: n/a

Device Name: Microsoft Wireless Optical Desktop® 1.00
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x045E, 0x005F
FF Driver: n/a

Poll w/ Interrupt: No

-----------
USB Devices
-----------
+ USB-Root-Hub
| Vendor/Product ID: 0x10DE, 0x03F1
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 11/20/2010 03:01:10, 258560 bytes
| Driver: usbd.sys, 7/14/2009 01:51:05, 5888 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ Standardtastatur (PS/2)
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 7/14/2009 01:11:24, 80896 bytes
| Driver: kbdclass.sys, 7/14/2009 03:20:36, 42576 bytes
|
+ HID-Tastatur
| Vendor/Product ID: 0x045E, 0x005F
| Matching Device ID: hid_device_system_keyboard
| Service: kbdhid
| Driver: kbdhid.sys, 11/20/2010 02:50:12, 28160 bytes
| Driver: kbdclass.sys, 7/14/2009 03:20:36, 42576 bytes
|
+ Terminalserver-Tastaturtreiber
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: i8042prt.sys, 7/14/2009 01:11:24, 80896 bytes
| Driver: kbdclass.sys, 7/14/2009 03:20:36, 42576 bytes
|
+ HID-konforme Maus
| Vendor/Product ID: 0x045E, 0x005F
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouhid.sys, 7/14/2009 01:45:08, 26112 bytes
| Driver: mouclass.sys, 7/14/2009 03:20:44, 41552 bytes
|
+ Terminalserver-Maustreiber
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 11/20/2010 05:30:14, 53120 bytes
| Driver: sermouse.sys, 7/14/2009 01:45:08, 19968 bytes
| Driver: mouclass.sys, 7/14/2009 03:20:44, 41552 bytes

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 406.7 GB
Total Space: 476.9 GB
File System: NTFS
Model: WDC WD50 00AAKS-00A7B SCSI Disk Device

Drive: Q:
Model: n/a

Drive: D:
Model: ATAPI DVD A DH16A1L SCSI CdRom Device
Driver: c:\windows\system32\drivers\cdrom.sys, 6.01.7601.17514 (German), 11/20/2010 01:38:12, 108544 bytes

--------------
System Devices
--------------
Name: Standard OpenHCD USB-Hostcontroller
Device ID: PCI\VEN_10DE&DEV_03F1&SUBSYS_2A58103C&REV_A3\3&2411E6FE&1&10
Driver: C:\Windows\system32\drivers\usbohci.sys, 6.01.7600.16385 (English), 7/14/2009 01:51:14, 20480 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.01.7600.16385 (German), 7/14/2009 01:51:15, 284160 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.01.7601.17514 (German), 11/20/2010 03:01:10, 258560 bytes

Name: PCI Standard-ISA-Brücke
Device ID: PCI\VEN_10DE&DEV_03E0&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&08
Driver: C:\Windows\system32\DRIVERS\msisadrv.sys, 6.01.7600.16385 (English), 7/14/2009 03:20:43, 13888 bytes

Name: OHCI-konformer LSI 1394-Hostcontroller
Device ID: PCI\VEN_11C1&DEV_5811&SUBSYS_2A58103C&REV_70\4&289C41FE&0&2820
Driver: C:\Windows\system32\DRIVERS\1394ohci.sys, 6.01.7601.17514 (German), 11/20/2010 03:01:14, 164864 bytes

Name: High Definition Audio-Controller
Device ID: PCI\VEN_10DE&DEV_03F0&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&28
Driver: C:\Windows\system32\DRIVERS\hdaudbus.sys, 6.01.7601.17514 (German), 11/20/2010 02:59:30, 108544 bytes

Name: Sonstige AMD-Konfiguration
Device ID: PCI\VEN_1022&DEV_1103&SUBSYS_00000000&REV_00\3&2411E6FE&1&C3
Driver: n/a

Name: NVIDIA GeForce 8400 GS
Device ID: PCI\VEN_10DE&DEV_0422&SUBSYS_050A1043&REV_A1\4&85B141D&0&0048
Driver: C:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 158312 bytes
Driver: C:\Program Files\NVIDIA Corporation\Drs\nvdrsdb.bin, 1/8/2011 05:27:00, 281380 bytes
Driver: C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_x86_neutral_17f44228751bb161\NvCplSetupInt.exe, 14.00.0000.0162 (English), 1/8/2011 05:27:00, 54247160 bytes
Driver: C:\Program Files\NVIDIA Corporation\license.txt, 1/8/2011 05:27:00, 15511 bytes
Driver: C:\Windows\system32\DRIVERS\nvBridge.kmd, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 10920 bytes
Driver: C:\Windows\system32\DRIVERS\nvlddmkm.sys, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 10467656 bytes
Driver: C:\Windows\system32\OpenCL.dll, 1.00.0000.0000 (English), 1/8/2011 05:27:00, 57960 bytes
Driver: C:\Windows\system32\nvapi.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 1965672 bytes
Driver: C:\Windows\system32\nvcompiler.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 13011560 bytes
Driver: C:\Windows\system32\nvcuda.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 4941928 bytes
Driver: C:\Windows\system32\nvcuvenc.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 2251368 bytes
Driver: C:\Windows\system32\nvcuvid.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 2895976 bytes
Driver: C:\Windows\system32\nvd3dum.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 10078312 bytes
Driver: C:\Windows\system32\nvinfo.pb, 1/8/2011 05:27:00, 4756 bytes
Driver: C:\Windows\system32\nvoglv32.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 15047272 bytes
Driver: C:\Windows\system32\nvwgf2um.dll, 8.17.0012.6658 (English), 1/8/2011 05:27:00, 5653096 bytes
Driver: C:\Windows\system32\nvdispco322090.dll, 2.00.0009.0000 (English), 1/8/2011 05:27:00, 941160 bytes
Driver: C:\Windows\system32\nvgenco322040.dll, 2.00.0004.0000 (English), 1/8/2011 05:27:00, 837736 bytes

Name: NVIDIA nForce-Netzwerkcontroller
Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&38
Driver: n/a

Name: AMD DRAM und HyperTransport(tm)-Nachverfolgungsmoduskonfiguration
Device ID: PCI\VEN_1022&DEV_1102&SUBSYS_00000000&REV_00\3&2411E6FE&1&C2
Driver: n/a

Name: NVIDIA nForce Serieller ATA-Controller
Device ID: PCI\VEN_10DE&DEV_03F6&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&41
Driver: C:\Windows\system32\DRIVERS\nvstor.sys, 10.06.0000.0018 (English), 11/20/2010 05:30:08, 143744 bytes

Name: Standard-Zweikanal-PCI-IDE-Controller
Device ID: PCI\VEN_10DE&DEV_03EC&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&30
Driver: C:\Windows\system32\DRIVERS\pciide.sys, 6.01.7600.16385 (English), 7/14/2009 03:20:45, 12368 bytes
Driver: C:\Windows\system32\DRIVERS\pciidex.sys, 6.01.7600.16385 (German), 7/14/2009 03:19:03, 42560 bytes
Driver: C:\Windows\system32\DRIVERS\atapi.sys, 6.01.7600.16385 (English), 7/14/2009 03:26:15, 21584 bytes
Driver: C:\Windows\system32\DRIVERS\ataport.sys, 6.01.7601.17514 (German), 11/20/2010 05:29:14, 132992 bytes

Name: AMD-Adresszuordnungskonfiguration
Device ID: PCI\VEN_1022&DEV_1101&SUBSYS_00000000&REV_00\3&2411E6FE&1&C1
Driver: n/a

Name: NVIDIA nForce Serieller ATA-Controller
Device ID: PCI\VEN_10DE&DEV_03F6&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&40
Driver: C:\Windows\system32\DRIVERS\nvstor.sys, 10.06.0000.0018 (English), 11/20/2010 05:30:08, 143744 bytes

Name: NVIDIA nForce PCI-Systemverwaltung
Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&09
Driver: n/a

Name: AMD HyperTransport(tm)-Konfiguration
Device ID: PCI\VEN_1022&DEV_1100&SUBSYS_00000000&REV_00\3&2411E6FE&1&C0
Driver: n/a

Name: PCI Standard-RAM-Controller
Device ID: PCI\VEN_10DE&DEV_03F5&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&0A
Driver: n/a

Name: PCI Standard-RAM-Controller
Device ID: PCI\VEN_10DE&DEV_03EA&SUBSYS_2A58103C&REV_A1\3&2411E6FE&1&00
Driver: n/a

Name: PCI Standard-PCI-zu-PCI-Brücke
Device ID: PCI\VEN_10DE&DEV_03F3&SUBSYS_2A58103C&REV_A1\3&2411E6FE&1&20
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.01.7601.17514 (German), 11/20/2010 05:30:08, 153984 bytes

Name: PCI Standard-PCI-zu-PCI-Brücke
Device ID: PCI\VEN_10DE&DEV_03E9&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&58
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.01.7601.17514 (German), 11/20/2010 05:30:08, 153984 bytes

Name: Standard PCI-zu-USB erweiterter Hostcontroller
Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_2A58103C&REV_A3\3&2411E6FE&1&11
Driver: C:\Windows\system32\drivers\usbehci.sys, 6.01.7600.16445 (English), 10/24/2009 05:58:55, 41984 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.01.7600.16385 (German), 7/14/2009 01:51:15, 284160 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.01.7601.17514 (German), 11/20/2010 03:01:10, 258560 bytes

Name: PCI Standard-PCI-zu-PCI-Brücke
Device ID: PCI\VEN_10DE&DEV_03E8&SUBSYS_2A58103C&REV_A2\3&2411E6FE&1&48
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.01.7601.17514 (German), 11/20/2010 05:30:08, 153984 bytes

------------------
DirectShow Filters
------------------

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,WMADMOD.DLL,6.01.7601.17514
WMAPro over S/PDIF DMO,0x00600800,1,1,WMADMOD.DLL,6.01.7601.17514
WMSpeech Decoder DMO,0x00600800,1,1,WMSPDMOD.DLL,6.01.7601.17514
MP3 Decoder DMO,0x00600800,1,1,mp3dmod.dll,6.01.7600.16385
Mpeg4s Decoder DMO,0x00800001,1,1,mp4sdecd.dll,6.01.7600.16385
WMV Screen decoder DMO,0x00600800,1,1,wmvsdecd.dll,6.01.7601.17514
WMVideo Decoder DMO,0x00800001,1,1,wmvdecod.dll,6.01.7601.17514
Mpeg43 Decoder DMO,0x00800001,1,1,mp43decd.dll,6.01.7600.16385
Mpeg4 Decoder DMO,0x00800001,1,1,mpg4decd.dll,6.01.7600.16385
DV Muxer,0x00400000,0,0,qdv.dll,6.06.7601.17514
Color Space Converter,0x00400001,1,1,quartz.dll,6.06.7601.17514
WM ASF Reader,0x00400000,0,0,qasf.dll,12.00.7601.17514
DivX AAC Decoder,0x00800000,1,1,daac.ax,7.01.0000.0010
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,12.00.7601.17514
AVI Splitter,0x00600000,1,1,quartz.dll,6.06.7601.17514
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.06.7601.17514
SBE2MediaTypeProfile,0x00200000,0,0,sbe.dll,6.06.7601.17528
Microsoft DTV-DVD Video Decoder,0x005fffff,2,4,msmpeg2vdec.dll,6.01.7140.0000
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.06.7601.17528
StreamBufferSink,0x00200000,0,0,sbe.dll,6.06.7601.17528
Microsoft TV Captions Decoder,0x00200001,1,0,MSTVCapn.dll,6.01.7601.17514
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.06.7601.17514
CBVA DMO wrapper filter,0x00200000,1,1,cbva.dll,6.01.7601.17514
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.06.7601.17514
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.06.7601.17514
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.7601.17514
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.06.7601.17528
Closed Captions Analysis Filter,0x00200000,2,5,cca.dll,6.06.7601.17514
SBE2FileScan,0x00200000,0,0,sbe.dll,6.06.7601.17528
Microsoft MPEG-2 Video Encoder,0x00200000,1,1,msmpeg2enc.dll,6.01.7601.17514
DivX MKV Demux (unrestricted),0x00200000,0,1,DMFSource.ax,1.00.0002.0006
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.06.7601.17514
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.06.7601.17514
DV Splitter,0x00600000,1,2,qdv.dll,6.06.7601.17514
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,6.06.7601.17514
Microsoft MPEG-2 Encoder,0x00200000,2,1,msmpeg2enc.dll,6.01.7601.17514
ACM Wrapper,0x00600000,1,1,quartz.dll,6.06.7601.17514
Video Renderer,0x00800001,1,0,quartz.dll,6.06.7601.17514
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.06.7601.17528
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.06.7601.17514
Video Port Manager,0x00600000,2,1,quartz.dll,6.06.7601.17514
DivX H.264 Decoder,0x00800000,1,1,DivXDecH264.ax,9.00.0001.0021
Video Renderer,0x00400000,1,0,quartz.dll,6.06.7601.17514
DivX Decoder Filter,0x00800000,1,1,DivXDec.ax,7.01.0001.0014
VPS Decoder,0x00200000,0,0,WSTPager.ax,6.06.7601.17514
WM ASF Writer,0x00400000,0,0,qasf.dll,12.00.7601.17514
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,6.01.7601.17514
File writer,0x00200000,1,0,qcap.dll,6.06.7601.17514
iTV Data Sink,0x00600000,1,0,itvdata.dll,6.06.7601.17514
iTV Data Capture filter,0x00600000,1,1,itvdata.dll,6.06.7601.17514
DVD Navigator,0x00200000,0,3,qdvd.dll,6.06.7601.17514
Microsoft TV Subtitles Decoder,0x00200001,1,0,MSTVCapn.dll,6.01.7601.17514
Overlay Mixer2,0x00200000,1,1,qdvd.dll,6.06.7601.17514
DivX MKV Demux,0x00600000,0,1,DMFSource.ax,1.00.0002.0006
AVI Draw,0x00600064,9,1,quartz.dll,6.06.7601.17514
RDP DShow Redirection Filter,0xffffffff,1,0,DShowRdpFilter.dll,
Microsoft MPEG-2 Audio Encoder,0x00200000,1,1,msmpeg2enc.dll,6.01.7601.17514
WST Pager,0x00200000,1,1,WSTPager.ax,6.06.7601.17514
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.06.7601.17528
DV Video Decoder,0x00800000,1,1,qdv.dll,6.06.7601.17514
SampleGrabber,0x00200000,1,1,qedit.dll,6.06.7601.17514
Null Renderer,0x00200000,1,0,qedit.dll,6.06.7601.17514
MPEG-2 Sections and Tables,0x005fffff,1,0,Mpeg2Data.ax,6.06.7601.17514
Microsoft AC3 Encoder,0x00200000,1,1,msac3enc.dll,6.01.7601.17514
StreamBufferSource,0x00200000,0,0,sbe.dll,6.06.7601.17528
Smart Tee,0x00200000,1,2,qcap.dll,6.06.7601.17514
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.06.7601.17514
AVI Decompressor,0x00600000,1,1,quartz.dll,6.06.7601.17514
NetBridge,0x00200000,2,0,netbridge.dll,6.01.7601.17514
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.06.7601.17514
Wave Parser,0x00400000,1,1,quartz.dll,6.06.7601.17514
MIDI Parser,0x00400000,1,1,quartz.dll,6.06.7601.17514
Multi-file Parser,0x00400000,1,1,quartz.dll,6.06.7601.17514
File stream renderer,0x00400000,1,1,quartz.dll,6.06.7601.17514
Microsoft DTV-DVD Audio Decoder,0x005fffff,1,1,msmpeg2adec.dll,6.01.7140.0000
StreamBufferSink2,0x00200000,0,0,sbe.dll,6.06.7601.17528
AVI Mux,0x00200000,1,0,qcap.dll,6.06.7601.17514
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.06.7601.17514
File Source (Async.),0x00400000,0,1,quartz.dll,6.06.7601.17514
File Source (URL),0x00400000,0,1,quartz.dll,6.06.7601.17514
Media Center Extender Encryption Filter,0x00200000,2,2,Mcx2Filter.dll,6.01.7601.17514
AudioRecorder WAV Dest,0x00200000,0,0,WavDest.dll,
AudioRecorder Wave Form,0x00200000,0,0,WavDest.dll,
SoundRecorder Null Renderer,0x00200000,0,0,WavDest.dll,
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.06.7601.17514
Enhanced Video Renderer,0x00200000,1,0,evr.dll,6.01.7601.17514
BDA MPEG2 Transport Information Filter,0x00200000,2,0,psisrndr.ax,6.06.7601.17514
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.06.7601.17514

WDM Streaming Tee/Splitter Devices:
Tee/Sink-to-Sink-Konvertierung,0x00200000,1,1,ksproxy.ax,6.01.7601.17514

Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,wmvxencd.dll,6.01.7600.16385
WMVideo9 Encoder DMO,0x00600800,1,1,wmvencod.dll,6.01.7600.16385
MSScreen 9 encoder DMO,0x00600800,1,1,wmvsencd.dll,6.01.7600.16385
DV Video Encoder,0x00200000,0,0,qdv.dll,6.06.7601.17514
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.06.7601.17514
Cinepak Codec von Radius,0x00200000,1,1,qcap.dll,6.06.7601.17514
DivX 6.9.2 Codec (2 Logical CPUs),0x00200000,1,1,qcap.dll,6.06.7601.17514
Intel IYUV Codec,0x00200000,1,1,qcap.dll,6.06.7601.17514
Intel IYUV Codec,0x00200000,1,1,qcap.dll,6.06.7601.17514
Microsoft RLE,0x00200000,1,1,qcap.dll,6.06.7601.17514
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.06.7601.17514
DivX 6.9.2 YV12 Decoder,0x00200000,1,1,qcap.dll,6.06.7601.17514

Audio Compressors:
WM Speech Encoder DMO,0x00600800,1,1,WMSPDMOE.DLL,6.01.7600.16385
WMAudio Encoder DMO,0x00600800,1,1,WMADMOE.DLL,6.01.7600.16385
Lernout & Hauspie CELP 4.8kbit/s,0x00200000,1,1,quartz.dll,6.06.7601.17514
Lernout & Hauspie SBC 8kbit/s,0x00200000,1,1,quartz.dll,6.06.7601.17514
Lernout & Hauspie SBC 12kbit/s,0x00200000,1,1,quartz.dll,6.06.7601.17514
Lernout & Hauspie SBC 16kbit/s,0x00200000,1,1,quartz.dll,6.06.7601.17514
IMA ADPCM,0x00200000,1,1,quartz.dll,6.06.7601.17514
PCM,0x00200000,1,1,quartz.dll,6.06.7601.17514
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.06.7601.17514
GSM 6.10,0x00200000,1,1,quartz.dll,6.06.7601.17514
CCITT A-Law,0x00200000,1,1,quartz.dll,6.06.7601.17514
CCITT u-Law,0x00200000,1,1,quartz.dll,6.06.7601.17514
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.06.7601.17514

Audio Capture Sources:
Mikrofon (High Definition Audio,0x00200000,0,0,qcap.dll,6.06.7601.17514

PBDA CP Filters:
PBDA DTFilter,0x00600000,1,1,CPFilters.dll,6.06.7601.17528
PBDA ETFilter,0x00200000,0,0,CPFilters.dll,6.06.7601.17528
PBDA PTFilter,0x00200000,0,0,CPFilters.dll,6.06.7601.17528

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.06.7601.17514
Microsoft GS Wavetable Synth,0x00200000,1,0,quartz.dll,6.06.7601.17514

WDM Streaming Capture Devices:
HD Audio-Aufnahme (gemischt),0x00200000,1,1,ksproxy.ax,6.01.7601.17514

WDM Streaming Rendering Devices:
HD Audio-HDMI-Ausgabe,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
HD Audio-Kopfhörer,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
HD Audio-SPDIF-Ausgabe,0x00200000,1,1,ksproxy.ax,6.01.7601.17514

BDA Network Providers:
Microsoft ATSC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBS Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBT Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft Network Provider,0x00200000,0,1,MSNP.ax,6.06.7601.17514

Multi-Instance Capable VBI Codecs:
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.7601.17514

BDA Transport Information Renderers:
BDA MPEG2 Transport Information Filter,0x00600000,2,0,psisrndr.ax,6.06.7601.17514
MPEG-2 Sections and Tables,0x00600000,1,0,Mpeg2Data.ax,6.06.7601.17514

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,1,EncDec.dll,6.06.7601.17528
Encrypt/Tag,0x00200000,0,0,EncDec.dll,6.06.7601.17528
PTFilter,0x00200000,0,0,EncDec.dll,6.06.7601.17528
XDS Codec,0x00200000,0,0,EncDec.dll,6.06.7601.17528

WDM Streaming Communication Transforms:
Tee/Sink-to-Sink-Konvertierung,0x00200000,1,1,ksproxy.ax,6.01.7601.17514

Audio Renderers:
Kopfhörer (High Definition Audi,0x00200000,1,0,quartz.dll,6.06.7601.17514
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.06.7601.17514
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.06.7601.17514
Digitalaudio (HDMI) (High Defin,0x00200000,1,0,quartz.dll,6.06.7601.17514
Digitalaudio (S/PDIF) (High Def,0x00200000,1,0,quartz.dll,6.06.7601.17514
DirectSound: Digitalaudio (HDMI) (High Definition Audio-Gerät),0x00200000,1,0,quartz.dll,6.06.7601.17514
DirectSound: Digitalaudio (S/PDIF) (High Definition Audio-Gerät),0x00200000,1,0,quartz.dll,6.06.7601.17514
DirectSound: Kopfhörer (High Definition Audio-Gerät),0x00200000,1,0,quartz.dll,6.06.7601.17514

---------------
EVR Power Information
---------------
Current Setting: {5C67A112-A4C9-483F-B4A7-1D473BECAFDC} (Quality)
Quality Flags: 2576
Enabled:
Force throttling
Allow half deinterlace
Allow scaling
Decode Power Usage: 100
Balanced Flags: 1424
Enabled:
Force throttling
Allow batching
Force half deinterlace
Force scaling
Decode Power Usage: 50
PowerFlags: 1424
Enabled:
Force throttling
Allow batching
Force half deinterlace
Force scaling
Decode Power Usage: 0

markusg · 14.04.2011, 10:00

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKCU..\Run: [0ESKOMO9JO] C:\Users\***\AppData\Local\Temp\Fht.exe ()
[2011.04.14 05:14:50 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\kijalx.job
[2011.04.14 05:14:45 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\tvaqvdwe.job
[2011.04.14 04:22:16 | 000,000,400 | -H-- | M] () -- C:\ProgramData\29810440
[2011.04.14 04:19:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~29810440r
[2011.04.14 04:19:49 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~29810440
[2011.04.14 04:14:51 | 000,000,629 | -H-- | M] () -- C:\Users\***\Desktop\Windows Restore.lnk
[2011.04.14 04:07:37 | 000,000,120 | -H-- | M] () -- C:\Users\***\AppData\Local\Nsolalolac.dat
[2011.04.14 04:07:37 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Lcujogiwabafit.bin
[2011.04.14 04:05:53 | 000,158,720 | -H-- | M] () -- C:\Windows\Fjitua.exe
[2011.04.14 04:05:52 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\recoverv.dll
:Files
C:\Users\***\AppData\Local\Temp\Fht.exe
C:\Windows\System32\dnscmmcp.dll
ipconfig /flushdns /c

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer, öffne c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html

Carbonas · 14.04.2011, 12:29

Ok, ersteinmal vielen herzlichen dank an dir.
Nun ein Problem gibt es kleines Problemchen.
Die Icons die wiederhergestellt wurden, sind transparenter, also sehr durchsichtiger, als die, die ich nach dem Vorfall installiert habe, sprich diese sind in voller Farbe

Da das mit dem Upload nicht Funktioniert ( gut möglich das ich momentan es nicht verstehe) schicke ich dir eine txt datei

markusg · 14.04.2011, 13:34

was heißt funktioniert nicht.
du öffnest erst mal computer, dort klicke auf c: dort auf den ordner _OTL
dort auf den ordner moved files mit rechtsklick.
und dann mit winrar winzip oder nem anderen pack programm ein archiv erstellen, dieses dann in unserem upload channel, wie beschrieben, hochladen.

Carbonas · 14.04.2011, 20:59

So ich habe es verschickt. Ich habe es deshalb nicht verstanden weil ich leider nur 5 Minuten zeit hatte.

So nun löst dies aber auch nicht mein problem mit dem Icons
Ich werde hierzu mal ein Beispiel Bild zeigen.

markusg · 15.04.2011, 10:24

immer mit der ruhe :-)
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Carbonas · 15.04.2011, 13:15

Auch das würde ich machen wenn mein Pc aber nicht folgende Meldung anzeigen würde (hab alles versucht bis hin zur niedrigste zulassen für gefährliche seiten)

Die Dateien können nicht geöffnet werden.
Durch die Internetsicherheitseinstellungen wurde verhindert, dass
eine oder mehrere Dateien geöffnet wurden.

bei Details einblenden steht:
C:\32788R22FWJFW\iexplore.exe

Wie gesagt, obwohl ich divierse sogar alle einstellungen auf wenig bis gar nicht eingestellt habe

markusg · 15.04.2011, 14:04

stells mal wieder auf standard zurück.
der download hat geklappt? dann versuchs mal im abgesicherten modus ohne netzwerk.
drücke bei pc start ein paar mal f8 dann solltest du das auswahlmenü erreichen

Carbonas · 15.04.2011, 21:55

Auch das hat nicht Funktioniert (welch ein Wunder?).
Obwohl ich alles gemacht habe, was du gesagt hast.

markusg · 16.04.2011, 10:05

poste mal ein neues otl.txt file

Carbonas · 16.04.2011, 16:21

Hier ist die aktuelle txt file:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.04.2011 17:18:10 - Run 5
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 390,60 Gb Free Space | 83,87% Space Free | Partition Type: NTFS
Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.14 04:51:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.03.30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | -H-- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | -H-- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.25 14:30:56 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.16 23:14:05 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.13 09:39:27 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | -H-- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 05:17:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.11.05 15:27:18 | 007,168,768 | -H-- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2010.04.24 02:10:54 | 000,209,768 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.04.24 02:10:44 | 000,483,688 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.14 04:51:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.11.20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.03.28 15:41:12 | 001,242,504 | -H-- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.16 23:14:05 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.07 20:48:56 | 000,378,984 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.13 09:39:27 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.10 07:36:00 | 003,648,584 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.12.07 12:32:02 | 002,228,008 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.04.24 02:10:54 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 02:10:44 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.07.16 18:04:16 | 000,316,664 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 23:14:05 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.02.10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.01.08 05:27:00 | 010,467,656 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.13 09:39:38 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 05:30:16 | 000,175,360 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 05:30:16 | 000,040,704 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 05:30:16 | 000,028,032 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:14:46 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 02:14:42 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.24 02:10:54 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.04.24 02:10:52 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.04.24 02:10:50 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.04.24 02:10:44 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.07.14 00:02:52 | 000,347,264 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.19 20:31:56 | 000,277,544 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 70 EF D1 68 DB CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {03CAE00B-981A-482D-8915-72FD4E3EF2B1}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.14 07:01:45 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.14 07:01:45 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}: C:\Users\***\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1} [2011.04.14 07:01:00 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.14 07:01:32 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.14 07:01:31 | 000,000,000 | -H-D | M]
 
[2010.12.30 20:45:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011.04.15 23:04:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions
[2011.04.14 07:01:00 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.01 21:16:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2011.04.14 07:01:00 | 000,000,000 | -H-D | M] (Battlefield Play4Free) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\battlefieldplay4free@ea.com
[2011.04.14 07:01:00 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\eafo3fflauncher@ea.com
[2011.01.01 21:16:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\engine@conduit.com
[2011.02.19 16:29:57 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\firefox@tvunetworks.com
[2011.04.11 21:55:16 | 000,001,056 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\searchplugins\icqplugin.xml
[2011.04.14 05:15:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.14 07:01:45 | 000,000,000 | -H-D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.14 07:01:45 | 000,000,000 | -H-D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.04.14 07:01:00 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
[2010.12.30 21:03:30 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.05 16:50:02 | 000,001,392 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 16:50:02 | 000,002,344 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.05 16:50:02 | 000,006,805 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.05 16:50:02 | 000,001,178 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.05 16:50:02 | 000,001,105 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: infospyware.net ([www] https in Lokales Intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.16 10:04:30 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011.04.16 09:47:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Savegame
[2011.04.16 04:00:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
[2011.04.16 04:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy
[2011.04.15 00:50:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 00:50:53 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.15 00:50:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 00:50:49 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 00:50:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 00:50:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 00:50:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 00:50:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 00:49:21 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 00:49:17 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.15 00:49:15 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.04.15 00:49:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 00:49:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 21:56:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.04.14 13:13:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.14 06:09:27 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.04.14 06:09:23 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.04.14 06:09:23 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.04.14 06:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.04.14 06:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011.04.14 05:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.04.14 05:51:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011.04.14 05:51:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2011.04.14 04:51:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.14 04:33:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.04.14 04:33:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.14 04:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.14 04:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.14 04:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.14 04:07:35 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
[2011.04.13 21:36:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ZombieDriver
[2011.04.13 21:36:25 | 000,000,000 | -H-D | C] -- C:\Program Files\OpenAL
[2011.04.12 20:36:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Battlefront
[2011.04.12 14:17:53 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.04.10 03:01:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.04.09 14:23:34 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Skyfallen Entertaiment
[2011.04.09 02:27:36 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\NFS SHIFT
[2011.04.08 17:02:48 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.08 14:41:42 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\microsoft
[2011.04.08 14:40:22 | 000,000,000 | -H-D | C] -- C:\Windows\System32\xlive
[2011.04.08 14:40:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011.04.06 14:09:12 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Digitanks
[2011.04.06 14:08:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Digitanks
[2011.04.06 05:36:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Petroglyph
[2011.04.04 23:23:25 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Battlefield 2 Demo
[2011.04.03 03:33:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011.04.03 03:32:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Activision
[2011.04.03 02:37:43 | 000,000,000 | -H-D | C] -- C:\Program Files\TryMedia
[2011.04.03 02:36:22 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infogrames
[2011.04.03 02:36:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2011.04.03 00:30:09 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\UndergroundMt2 2010Client
[2011.03.31 14:52:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Postal 2 Demo
[2011.03.30 22:28:36 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Battlefield 2
[2011.03.30 18:46:37 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\ORDER OF WAR - CHALLENGE (Demo)
[2011.03.29 22:18:24 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.03.29 22:18:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.03.28 15:35:12 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\id Software
[2011.03.23 07:24:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011.03.23 07:24:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Project64 1.6
[2011.03.23 07:23:40 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\n64
[2011.03.22 06:58:38 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Neuer Ordner (3)
[2011.03.21 02:58:43 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\5588
[2011.03.21 02:50:37 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Schwarz-Weiß
[2011.03.20 20:11:41 | 001,757,264 | -H-- | C] (None) -- C:\Users\***\Desktop\VisualBoyAdvance.exe
[2011.03.20 20:11:28 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Neuer Ordner (2)
[2011.03.20 20:06:45 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2011.03.20 01:24:00 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Migoria-MT2
[2011.03.18 01:29:59 | 000,000,000 | -H-D | C] -- C:\Program Files\PaperPlane
[2011.03.18 00:34:03 | 000,000,000 | -H-D | C] -- C:\Windows\pss
[2011.03.17 17:47:46 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Battlefield Play4Free
[2011.03.17 17:38:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.16 17:05:44 | 000,002,426 | ---- | M] () -- C:\Users\***\Desktop\vba.ini
[2011.04.16 17:02:08 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.04.16 15:39:30 | 000,001,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.04.16 15:39:30 | 000,001,044 | -H-- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011.04.16 15:34:52 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.04.16 14:26:15 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.16 14:26:15 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.16 14:12:44 | 000,032,812 | ---- | M] () -- C:\Users\***\Desktop\Pokemon - Kristall-Edition (D).sav
[2011.04.16 12:18:56 | 000,032,768 | ---- | M] () -- C:\Users\***\Desktop\Pokemon Rot (D).sav
[2011.04.16 12:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.16 12:12:43 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.16 04:00:38 | 000,001,823 | ---- | M] () -- C:\Users\***\Desktop\xp-AntiSpy.lnk
[2011.04.15 23:07:15 | 000,028,672 | ---- | M] () -- C:\Windows\System32\mfc100sus.dll
[2011.04.15 14:04:03 | 004,320,860 | ---- | M] () -- C:\Users\***\Desktop\ComboFix.exe
[2011.04.15 03:16:05 | 000,265,640 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 21:58:48 | 000,027,275 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.png
[2011.04.14 21:58:48 | 000,001,460 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2011.04.14 06:15:24 | 000,000,260 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.04.14 05:39:24 | 000,001,885 | -H-- | M] () -- C:\Users\***\Desktop\Mozilla Firefox (2).lnk
[2011.04.14 05:15:22 | 000,001,885 | -H-- | M] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2011.04.14 04:51:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.14 04:33:15 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.14 04:11:48 | 000,001,120 | -H-- | M] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2011.04.14 03:37:53 | 000,654,372 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.14 03:37:53 | 000,616,254 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.14 03:37:53 | 000,129,986 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.14 03:37:53 | 000,106,376 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.13 21:36:25 | 000,444,952 | -H-- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.13 21:36:25 | 000,109,080 | -H-- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.10 20:40:19 | 000,138,264 | -H-- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.10 20:40:11 | 000,234,768 | -H-- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.09 01:19:44 | 000,001,316 | -H-- | M] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.08 12:09:51 | 000,000,214 | -H-- | M] () -- C:\Windows\System32\Script.vbs
[2011.04.06 14:08:54 | 000,000,925 | -H-- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.04 22:03:01 | 000,002,033 | -H-- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
[2011.04.03 03:33:19 | 000,002,002 | -H-- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk
[2011.04.03 03:33:17 | 000,000,324 | -H-- | M] () -- C:\Windows\game.ini
[2011.03.30 19:50:20 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.03.30 19:45:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.03.29 22:18:22 | 000,000,856 | -H-- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2011.03.20 08:04:03 | 000,000,239 | -H-- | M] () -- C:\Windows\SIERRA.INI
[2011.03.19 23:24:26 | 000,000,080 | -H-- | M] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf
[2011.03.17 17:38:41 | 000,138,056 | -H-- | M] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
 
========== Files Created - No Company Name ==========
 
[2011.04.16 15:39:30 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.04.16 15:34:52 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.04.16 09:46:56 | 002,396,160 | R--- | C] () -- C:\Users\***\Desktop\FlatOut2.exe
[2011.04.16 09:46:44 | 559,116,397 | R--- | C] () -- C:\Users\***\Desktop\demo.bfs
[2011.04.16 04:00:38 | 000,001,823 | ---- | C] () -- C:\Users\***\Desktop\xp-AntiSpy.lnk
[2011.04.16 00:51:59 | 000,032,812 | ---- | C] () -- C:\Users\***\Desktop\Pokemon - Kristall-Edition (D).sav
[2011.04.15 23:07:15 | 000,028,672 | ---- | C] () -- C:\Windows\System32\mfc100sus.dll
[2011.04.15 14:02:49 | 004,320,860 | ---- | C] () -- C:\Users\***\Desktop\ComboFix.exe
[2011.04.15 00:53:33 | 000,032,768 | ---- | C] () -- C:\Users\***\Desktop\Pokemon Rot (D).sav
[2011.04.15 00:53:29 | 000,002,426 | ---- | C] () -- C:\Users\***\Desktop\vba.ini
[2011.04.14 21:58:48 | 000,027,275 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.png
[2011.04.14 21:58:48 | 000,001,460 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.04.14 06:09:21 | 000,002,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.04.14 05:56:37 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.04.14 05:56:21 | 000,000,260 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.04.14 05:39:24 | 000,001,885 | -H-- | C] () -- C:\Users\***\Desktop\Mozilla Firefox (2).lnk
[2011.04.14 05:15:22 | 000,001,885 | -H-- | C] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2011.04.14 04:33:15 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.14 04:11:48 | 000,001,120 | -H-- | C] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2011.04.12 20:41:31 | 000,007,680 | -HS- | C] () -- C:\ProgramData\tiff208img.obj
[2011.04.10 03:01:03 | 000,001,298 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.04.04 22:03:01 | 000,002,033 | -H-- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
[2011.04.03 03:33:19 | 000,002,002 | -H-- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk
[2011.03.31 00:27:56 | 000,000,324 | -H-- | C] () -- C:\Windows\game.ini
[2011.03.25 17:10:57 | 001,048,576 | -H-- | C] () -- C:\Users\***\Desktop\Pokemon Rot (D).gb
[2011.03.21 18:03:56 | 002,097,152 | -H-- | C] () -- C:\Users\***\Desktop\Pokemon - Kristall-Edition (D).gbc
[2011.03.19 23:24:26 | 000,000,080 | -H-- | C] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf
[2011.02.24 18:21:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.17 15:48:15 | 000,000,020 | -H-- | C] () -- C:\Windows\mafosav.INI
[2011.02.09 13:03:04 | 000,000,239 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2011.02.07 02:34:41 | 000,000,000 | -H-- | C] () -- C:\Windows\Editor.INI
[2011.01.31 18:20:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.22 02:35:05 | 000,138,264 | -H-- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.22 02:35:04 | 000,138,056 | -H-- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2011.01.22 02:34:44 | 000,234,768 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.22 02:34:26 | 000,794,408 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.01.22 02:34:26 | 000,075,136 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.08 09:13:48 | 000,043,520 | -H-- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.01.04 21:41:25 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010.10.14 01:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 10:47:43 | 000,654,372 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,986 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,254 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,376 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.04.08 17:19:24 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.01.08 09:13:57 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Atari
[2011.02.02 19:38:12 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.04.14 07:01:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Digitanks
[2011.01.03 06:12:13 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.04 19:42:16 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.02.05 16:43:04 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader
[2011.04.14 07:01:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.04.14 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.04.12 14:49:31 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.04.12 14:17:53 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.01.04 11:22:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Local
[2011.04.06 05:36:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Petroglyph
[2011.04.14 07:01:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2011.03.14 05:50:18 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.04.14 07:00:59 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\temp
[2011.02.07 17:41:23 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Thies Gerken
[2011.02.15 08:18:51 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.04.14 07:00:59 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.01.15 03:31:51 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.04.14 05:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.04.14 07:00:59 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ZombieDriver
[2011.04.14 21:41:43 | 000,032,640 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.16 17:02:08 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.04.14 06:15:24 | 000,000,260 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

markusg · 16.04.2011, 16:36

lösche mal combofix.
öffne dann die tutorial seite, rechtsklick auf download link, ziehl speichern unter.
lösche bei namen
combofix.exe
und schreib 2345.com
speichere und führe mit rechtsklick, als admin starten aus

Carbonas · 17.04.2011, 12:33

irgendwie will mich da irgendetwas veräppeln.
Ich habe das gemacht und trotzdem zeigt der mir das an.

markusg · 17.04.2011, 13:22

ok erst mal was anderes.
lade den CCleaner slim:
Piriform - Builds
falls der CCleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

16.04.2011, 10:05	#11
markusg /// Malware-holic	[Wichtig] critical error hard drive not found und die anderen Übeltäter poste mal ein neues otl.txt file __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

[Wichtig] critical error hard drive not found und die anderen Übeltäter

Log-Analyse und Auswertung: [Wichtig] critical error hard drive not found und die anderen Übeltäter