Caught Think point

#0
18.11.2010, 22:41
Member

Posts: 63
#1 I caught Think point while downloading a game patch.

Code

OTL logfile created on: 18.11.2010 22:20:18 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\TheIncredible\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,89 Gb Total Space | 150,52 Gb Free Space | 59,52% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,52 Gb Free Space | 97,61% Space Free | Partition Type: NTFS
Drive E: | 158,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHRIS | User Name: TheIncredible | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\TheIncredible\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\TheIncredible\AppData\Roaming\hotfix.exe (ABC Ltd.)
PRC - C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe ()
PRC - C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe ()
PRC - C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\Programme\Gomez\GomezPEER\bin\GomezPEER.exe ()
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Gomez\GomezPEER\jre\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\TheIncredible\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found
DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\TheIncredible\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.10.17 05:14:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 07:31:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.17 14:41:54 | 000,000,000 | ---D | M]

[2010.10.18 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\mozilla\Extensions
[2010.11.17 20:56:17 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\mozilla\Firefox\Profiles\hhdbst8g.default\extensions
[2010.11.04 20:27:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\TheIncredible\AppData\Roaming\mozilla\Firefox\Profiles\hhdbst8g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.21 00:38:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\TheIncredible\AppData\Roaming\mozilla\Firefox\Profiles\hhdbst8g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.23 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\mozilla\Firefox\Profiles\hhdbst8g.default\extensions\vshare@toolbar
[2010.10.20 20:17:50 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\mozilla\Firefox\Profiles\hhdbst8g.default\extensions\youtube2mp3@mondayx.de
[2010.10.18 10:35:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.13 21:57:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.13 21:56:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.15 20:37:53 | 000,000,862 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 209.59.135.116 www.playforyourclub.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\TheIncredible\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HJRUDZ5DT2] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (C:\Users\TheIncredible\AppData\Roaming\hotfix.exe) - C:\Users\TheIncredible\AppData\Roaming\hotfix.exe (ABC Ltd.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.11.21 01:23:14 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6b65d0b3-6e4d-11df-89b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b65d0b3-6e4d-11df-89b4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2008.06.09 21:13:12 | 000,218,184 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d9226002-e9c2-11df-96c2-88ae1d2a429b}\Shell - "" = AutoRun
O33 - MountPoints2\{d9226002-e9c2-11df-96c2-88ae1d2a429b}\Shell\AutoRun\command - "" = F:\als_inst.exe -- File not found
O33 - MountPoints2\{d9226002-e9c2-11df-96c2-88ae1d2a429b}\Shell\directx\command - "" = F:\DirectX\DirectXInstallSelector.exe -- File not found
O33 - MountPoints2\{d9226002-e9c2-11df-96c2-88ae1d2a429b}\Shell\setup\command - "" = F:\als_inst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.11.18 21:58:24 | 000,600,576 | ---- | C] (ABC Ltd.) -- C:\Users\TheIncredible\AppData\Roaming\hotfix.exe
[2010.11.18 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\Princess Isabella
[2010.11.14 17:45:40 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\Malwarebytes
[2010.11.14 17:45:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.11.14 17:45:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.11.14 17:45:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.14 17:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.14 12:24:49 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010.11.13 23:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2010.11.13 23:52:59 | 000,000,000 | ---D | C] -- C:\Programme\Royal Envoy
[2010.11.13 22:08:05 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\Sahmon Games
[2010.11.13 22:07:05 | 000,000,000 | ---D | C] -- C:\Programme\The Island - Castaway
[2010.11.13 15:39:07 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2010.11.13 12:33:30 | 003,890,920 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\System32\GameMon.des
[2010.11.13 12:32:43 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\System32\npptNT2.sys
[2010.11.13 12:32:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\INCA Shared
[2010.11.11 22:58:50 | 000,000,000 | ---D | C] -- C:\Programme\gPotato.eu
[2010.11.11 20:40:52 | 000,000,000 | ---D | C] -- C:\Programme\Neffy
[2010.11.11 17:18:00 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.11.06 17:26:06 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2010.11.06 17:25:41 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\DAEMON Tools Lite
[2010.11.06 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.11.06 17:15:35 | 000,000,000 | ---D | C] -- C:\AliceSoft
[2010.11.05 21:31:42 | 000,000,000 | ---D | C] -- C:\Programme\Crazy TV
[2010.11.05 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Local\sowhat
[2010.11.05 17:47:52 | 000,000,000 | ---D | C] -- C:\Programme\Angelo
[2010.11.05 17:47:14 | 000,000,000 | ---D | C] -- C:\Programme\bfgclient
[2010.11.05 17:44:50 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2010.11.05 13:23:32 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Local\JollyBear
[2010.11.05 13:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear
[2010.11.05 10:30:00 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\RobinHoodDifference
[2010.11.05 10:30:00 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\.hAWabAzAr
[2010.11.05 10:29:54 | 000,000,000 | ---D | C] -- C:\Programme\Robin Hood - A Twisted Fairytale
[2010.11.05 10:29:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.11.05 10:20:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.11.05 10:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.11.04 10:20:17 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Local\Unity
[2010.10.29 19:16:58 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.10.27 07:37:09 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CPFilters.dll
[2010.10.27 07:37:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2010.10.27 07:37:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2010.10.27 07:37:08 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mpg2splt.ax
[2010.10.27 07:37:05 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2010.10.26 17:03:39 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\Oberon
[2010.10.26 17:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon
[2010.10.25 21:30:18 | 000,000,000 | ---D | C] -- C:\Programme\Artist Colony
[2010.10.25 19:51:05 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Local\Artist Colony
[2010.10.25 19:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Artist Colony
[2010.10.25 17:56:36 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\Realore_Whiterra Roads Of Rome
[2010.10.25 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\YoudaGames
[2010.10.24 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Roaming\Merscom
[2010.10.24 17:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Merscom
[2010.10.24 14:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DivoGames
[2010.10.24 14:25:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Oberon Media
[2010.10.24 14:25:05 | 000,000,000 | ---D | C] -- C:\Programme\Oberon Media
[2010.10.24 14:25:04 | 000,000,000 | ---D | C] -- C:\Programme\Sat1 Spiele
[2010.10.22 12:36:04 | 000,000,000 | ---D | C] -- C:\Users\TheIncredible\AppData\Local\Microsoft Help
[2010.10.22 12:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.10.20 07:31:25 | 000,000,000 | ---D | C] -- C:\windows\Internet Logs
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.11.18 22:13:39 | 000,000,308 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.18 22:07:43 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.18 22:07:43 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.18 22:06:24 | 000,000,006 | ---- | M] () -- C:\Users\TheIncredible\AppData\Roaming\start
[2010.11.18 22:04:41 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.11.18 22:04:41 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.11.18 22:04:41 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.11.18 22:04:41 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.11.18 22:04:31 | 000,000,006 | ---- | M] () -- C:\Users\TheIncredible\AppData\Roaming\completescan
[2010.11.18 22:00:31 | 000,000,308 | -H-- | M] () -- C:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.11.18 22:00:31 | 000,000,308 | -H-- | M] () -- C:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.18 22:00:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.11.18 22:00:10 | 1579,626,496 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.18 21:59:08 | 000,000,010 | ---- | M] () -- C:\Users\TheIncredible\AppData\Roaming\install
[2010.11.18 21:58:24 | 000,600,576 | ---- | M] (ABC Ltd.) -- C:\Users\TheIncredible\AppData\Roaming\hotfix.exe
[2010.11.18 21:58:24 | 000,000,276 | ---- | M] () -- C:\Users\TheIncredible\AppData\Roaming\scgdfgasfbh.bat
[2010.11.18 20:46:36 | 000,002,215 | ---- | M] () -- C:\Users\TheIncredible\Desktop\Princess Isabella A Witch’s Curse.lnk
[2010.11.17 14:41:54 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.13 23:53:31 | 000,001,005 | ---- | M] () -- C:\Users\TheIncredible\Desktop\Royal Envoy.lnk
[2010.11.13 15:39:08 | 000,000,953 | ---- | M] () -- C:\Users\TheIncredible\Desktop\SopCast.lnk
[2010.11.11 23:05:41 | 000,001,072 | ---- | M] () -- C:\Users\TheIncredible\Desktop\Flyff.lnk
[2010.11.11 20:47:45 | 622,807,012 | ---- | M] () -- C:\Program Files\Flyff_Eu_De_Setup.exe
[2010.11.11 18:58:45 | 000,012,313 | ---- | M] () -- C:\Users\TheIncredible\Desktop\Monatsplanung Oktober.xlsx
[2010.11.06 18:11:07 | 000,002,057 | ---- | M] () -- C:\Users\TheIncredible\Desktop\Sengoku Rance English.lnk
[2010.11.06 17:26:41 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.11.06 17:26:39 | 000,691,696 | ---- | M] () -- C:\windows\System32\drivers\sptd.sys
[2010.11.02 15:38:23 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010.11.02 15:38:23 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2010.10.25 21:30:25 | 000,001,093 | ---- | M] () -- C:\Users\TheIncredible\Desktop\Play Artist Colony.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.11.18 22:06:24 | 000,000,006 | ---- | C] () -- C:\Users\TheIncredible\AppData\Roaming\start
[2010.11.18 22:04:31 | 000,000,006 | ---- | C] () -- C:\Users\TheIncredible\AppData\Roaming\completescan
[2010.11.18 21:59:08 | 000,000,010 | ---- | C] () -- C:\Users\TheIncredible\AppData\Roaming\install
[2010.11.18 21:58:24 | 000,000,276 | ---- | C] () -- C:\Users\TheIncredible\AppData\Roaming\scgdfgasfbh.bat
[2010.11.18 21:56:01 | 000,000,308 | -H-- | C] () -- C:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.11.18 21:55:57 | 000,000,308 | -H-- | C] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.18 21:55:53 | 000,000,308 | -H-- | C] () -- C:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.18 20:46:36 | 000,002,215 | ---- | C] () -- C:\Users\TheIncredible\Desktop\Princess Isabella A Witch’s Curse.lnk
[2010.11.13 23:53:31 | 000,001,005 | ---- | C] () -- C:\Users\TheIncredible\Desktop\Royal Envoy.lnk
[2010.11.13 15:39:08 | 000,000,953 | ---- | C] () -- C:\Users\TheIncredible\Desktop\SopCast.lnk
[2010.11.13 12:32:43 | 000,005,174 | ---- | C] () -- C:\windows\System32\nppt9x.vxd
[2010.11.11 23:05:41 | 000,001,072 | ---- | C] () -- C:\Users\TheIncredible\Desktop\Flyff.lnk
[2010.11.11 20:41:44 | 622,807,012 | ---- | C] () -- C:\Programme\Flyff_Eu_De_Setup.exe
[2010.11.06 18:11:07 | 000,002,057 | ---- | C] () -- C:\Users\TheIncredible\Desktop\Sengoku Rance English.lnk
[2010.11.06 17:26:41 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.11.06 17:26:39 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010.11.05 10:20:38 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.25 21:30:25 | 000,001,093 | ---- | C] () -- C:\Users\TheIncredible\Desktop\Play Artist Colony.lnk
[2010.10.20 14:36:03 | 029,208,422 | ---- | C] () -- C:\Users\TheIncredible\Desktop\WS450007.WMA
[2010.10.20 14:35:59 | 017,296,266 | ---- | C] () -- C:\Users\TheIncredible\Desktop\WS450006.WMA
[2010.10.20 14:35:46 | 054,143,898 | ---- | C] () -- C:\Users\TheIncredible\Desktop\WS450004.WMA
[2010.10.20 14:26:37 | 049,454,308 | ---- | C] () -- C:\Users\TheIncredible\Desktop\WS450003.WMA
[2010.10.20 14:26:26 | 045,362,118 | ---- | C] () -- C:\Users\TheIncredible\Desktop\WS450002.WMA
[2010.10.20 14:26:11 | 062,101,266 | ---- | C] () -- C:\Users\TheIncredible\Desktop\WS450001.WMA
[2010.06.02 15:01:23 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010.06.02 15:01:23 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010.06.02 15:01:23 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010.06.02 15:01:23 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010.06.02 15:01:23 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010.06.02 15:01:11 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010.06.02 15:00:39 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010.06.02 14:58:39 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.11.18 22:27:23 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\BitTorrent
[2010.11.06 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\DAEMON Tools Lite
[2010.10.19 08:35:42 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Friday's games
[2010.10.14 02:43:10 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Gomez
[2010.10.15 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Lenovo
[2010.10.24 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Merscom
[2010.10.26 17:03:39 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Oberon
[2010.10.19 02:56:03 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Peace Craft
[2010.11.18 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Princess Isabella
[2010.10.14 15:45:42 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\QIP
[2010.11.05 10:30:00 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\RobinHoodDifference
[2010.11.13 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Sahmon Games
[2010.11.12 11:12:44 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\SoftGrid Client
[2010.10.19 13:03:13 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\TP
[2010.10.15 23:10:26 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\TS3Client
[2010.10.25 16:52:17 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\YoudaGames
[2010.10.19 08:35:40 | 000,000,000 | ---D | M] -- C:\Users\TheIncredible\AppData\Roaming\Zylom
[2009.07.14 05:53:46 | 000,019,776 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.18 22:13:39 | 000,000,308 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.18 22:00:31 | 000,000,308 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.18 22:00:31 | 000,000,308 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:AAA14AF9
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1D60AEC3
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:7EE43C06
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E1069F99
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:9296EC11
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A243178D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:195E9213
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:18BFD8F8
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:D05E7A8B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8DCF53BE

< End of report >

Code

OTL Extras logfile created on: 18.11.2010 22:20:18 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\TheIncredible\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,89 Gb Total Space | 150,52 Gb Free Space | 59,52% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,52 Gb Free Space | 97,61% Space Free | Partition Type: NTFS
Drive E: | 158,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHRIS | User Name: TheIncredible | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117256953}" = Artist Colony
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117629560}" = Princess Isabella A Witch’s Curse
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117664753}" = Nat Geo Lost City of Z
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117929370}" = Big City Adventure New York City
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118842860}" = Be Rich
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119314100}" = Rachel’s Retreat
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119333493}" = Roads of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119404747}" = Youda Survivor
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBF8F203-FED9-A191-680D-C35B22237196}" = Robin Hood - A Twisted Fairytale
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Artist Colony 2.0.0.9" = Artist Colony 2.0.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Angelo" = Angelo
"BFGC" = Big Fish Games: Game Manager
"BitTorrent" = BitTorrent
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"Crazy TV_is1" = Crazy TV v1.3
"GomezPEER" = GomezPEER
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Neffy" = Neffy 1,3,29,0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RealPlayer 12.0" = RealPlayer
"RobinHoodDifference" = Robin Hood - A Twisted Fairytale
"Sengoku Rance English_is1" = Sengoku Rance English v1.01
"SopCast" = SopCast 3.2.9
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TVWiz" = Intel(R) TV Wizard
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
"My Kingdom for the Princess Deluxe" = My Kingdom for the Princess Deluxe
"UnityWebPlayer" = Unity Web Player
"Vacation Mogul Deluxe" = Vacation Mogul Deluxe
"Winamp Detect" = Winamp Erkennungs-Plug-in

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 19.10.2010 03:19:46 | Computer Name = Chris | Source = Application Hang | ID = 1002
Description = Programm realplay.exe, Version 12.0.0.879 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 8d0    Startzeit:
01cb6f5dce5f5f92    Endzeit: 60000    Anwendungspfad: C:\Program Files\Real\RealPlayer\realplay.exe

Berichts-ID:
1208cf5e-db51-11df-9bb0-88ae1d2a429b  

Error - 19.10.2010 06:56:16 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 19.10.2010 11:50:12 | Computer Name = Chris | Source = Application Hang | ID = 1002
Description = Programm RealPlay.exe, Version 12.0.0.879 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 950    Startzeit:
01cb6fa3b73b639c    Endzeit: 60000    Anwendungspfad: C:\Program Files\Real\RealPlayer\RealPlay.exe

Berichts-ID:
6210393b-db98-11df-a074-88ae1d2a429b  

Error - 20.10.2010 07:54:46 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 20.10.2010 21:46:09 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 23.10.2010 02:05:02 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 24.10.2010 20:59:30 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 25.10.2010 21:00:13 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 26.10.2010 22:20:40 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 28.10.2010 18:41:34 | Computer Name = Chris | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

[ System Events ]
Error - 20.10.2010 09:33:57 | Computer Name = Chris | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error - 20.10.2010 09:34:00 | Computer Name = Chris | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error - 21.10.2010 02:48:57 | Computer Name = Chris | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.

Error - 23.10.2010 21:33:29 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.10.2010 um 03:32:06 unerwartet heruntergefahren.

Error - 24.10.2010 08:05:02 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.10.2010 um 14:02:34 unerwartet heruntergefahren.

Error - 25.10.2010 07:40:58 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.10.2010 um 13:40:10 unerwartet heruntergefahren.

Error - 27.10.2010 02:08:48 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.10.2010 um 08:07:17 unerwartet heruntergefahren.

Error - 28.10.2010 13:40:31 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.10.2010 um 19:39:12 unerwartet heruntergefahren.

Error - 29.10.2010 02:30:26 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.10.2010 um 08:29:32 unerwartet heruntergefahren.

Error - 29.10.2010 09:33:42 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.10.2010 um 15:32:31 unerwartet heruntergefahren.


< End of report >

Code

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-18 23:08:03
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PB3Z
Running: z5jb1jd4.exe; Driver: C:\Users\THEINC~1\AppData\Local\Temp\kxldqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                             82A89599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                      82AADF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\wininet.dll [USER32.dll!CreateWindowExW]           [00412D0B] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\wininet.dll [USER32.dll!SetWindowPos]              [00412E31] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA]           [00412C93] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW]           [00412D0B] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\ole32.dll [USER32.dll!CreateWindowExW]             [00412D0B] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\ole32.dll [USER32.dll!ShowWindow]                  [00412D83] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\shell32.DLL [USER32.dll!CreateWindowExW]           [00412D0B] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\shell32.DLL [USER32.dll!SetWindowPos]              [00412E31] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe[1492] @ C:\windows\system32\shell32.DLL [USER32.dll!ShowWindow]                [00412D83] C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\wininet.dll [USER32.dll!DialogBoxParamW]           [00418CC4] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\wininet.dll [USER32.dll!CreateWindowExW]           [00418B32] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\wininet.dll [USER32.dll!MessageBoxW]               [00418CD0] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\wininet.dll [USER32.dll!SetWindowPos]              [00418C58] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW]           [00418CC4] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA]           [00418CC4] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA]           [00418ABA] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW]           [00418B32] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxW]               [00418CD0] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\ole32.dll [USER32.dll!CreateWindowExW]             [00418B32] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\ole32.dll [USER32.dll!DialogBoxParamW]             [00418CC4] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\ole32.dll [USER32.dll!MessageBoxW]                 [00418CD0] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\ole32.dll [USER32.dll!ShowWindow]                  [00418BAA] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\shell32.DLL [USER32.dll!MessageBoxW]               [00418CD0] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\shell32.DLL [USER32.dll!DialogBoxParamW]           [00418CC4] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\shell32.DLL [USER32.dll!CreateWindowExW]           [00418B32] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\shell32.DLL [USER32.dll!MessageBoxIndirectW]       [00418CBE] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\shell32.DLL [USER32.dll!SetWindowPos]              [00418C58] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe[1512] @ C:\windows\system32\shell32.DLL [USER32.dll!ShowWindow]                [00418BAA] C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\wininet.dll [USER32.dll!CreateWindowExW]           [0041B116] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\wininet.dll [USER32.dll!SetWindowPos]              [0041B242] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA]           [0041B09C] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW]           [0041B116] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\ole32.dll [USER32.dll!CreateWindowExW]             [0041B116] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\ole32.dll [USER32.dll!ShowWindow]                  [0041B190] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\shell32.dll [USER32.dll!CreateWindowExW]           [0041B116] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\shell32.dll [USER32.dll!SetWindowPos]              [0041B242] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe
IAT             C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe[3284] @ C:\windows\system32\shell32.dll [USER32.dll!ShowWindow]                [0041B190] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                            
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x21 0xBF 0xB6 0x2A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                  
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x14 0xE1 0x84 0xC7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                              
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x80 0xEB 0x31 0xE4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                            
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                        
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                             C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                             0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                             0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0x21 0xBF 0xB6 0x2A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                    0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                 0x14 0xE1 0x84 0xC7 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                            0x80 0xEB 0x31 0xE4 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Sat1 Spiele\Rachel\x2019s Retreat\Uninstall.exe  1

---- Files - GMER 1.0.15 ----

File            C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BR5TETER\quant[1].js            5265 bytes
File            C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BR5TETER\iframe3[5].htm         0 bytes

---- EOF - GMER 1.0.15 ----
This post was edited by TheIncredible on 18.11.2010 at 23:09.
18.11.2010, 23:13
Member

Posts: 11
18.11.2010, 23:16
Member

Thread starter

Posts: 63
#3 Yes and no.
It already fails at the first step (I can't open Task Manager in any way, because Think Point pops up every time).
18.11.2010, 23:27
Member

Thread starter

Posts: 63
#4 I was able to follow the instructions after all (funnily enough thanks to Think Point, since its "fake scan" showed me where my Task Manager is stored, so I could start it with the same trick that already got Firefox running again: by running it as administrator).

Code

This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as TheIncredible on 18.11.2010 at 23:25:02.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe
C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe
C:\Users\TheIncredible\AppData\Local\Temp\Pbm.exe
C:\Users\TheIncredible\Downloads\rkill.com


Rkill completed on 18.11.2010  at 23:25:08.

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5114

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.11.2010 00:18:25
mbam-log-2010-11-19 (00-18-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|)
Durchsuchte Objekte: 225804
Laufzeit: 48 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\TheIncredible\AppData\Roaming\hotfix.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
This post was edited by TheIncredible on 19.11.2010 at 00:18.
23.11.2010, 10:52
Member

Thread starter

Posts: 63
#5 Is nobody here who can help?
23.11.2010, 13:09
Member

Posts: 3716
#6 Sorry.

1. Do you still know where you got the patch from? If so, send me the link as a private message.
2.
• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
PRC - C:\Users\TheIncredible\AppData\Roaming\hotfix.exe (ABC Ltd.)
PRC - C:\Users\THEINC~1\AppData\Local\Temp\Pbq.exe ()
PRC - C:\Users\THEINC~1\AppData\Local\Temp\Pbo.exe ()
PRC - C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe ()
O4 - HKCU..\Run: [HJRUDZ5DT2] C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe ()
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\TheIncredible\AppData\Roaming\hotfix.exe) - C:\Users\TheIncredible\AppData\Roaming\hotfix.exe (ABC Ltd.)
[2010.11.18 21:58:24 | 000,000,276 | ---- | M] () -- C:\Users\TheIncredible\AppData\Roaming\scgdfgasfbh.bat
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post its contents in your next reply.


Open My Computer, C:, then _OTL.
Right-click on moved files there.
Choose "Add to moved files.rar" or zip.

Upload the archive to
www.file-upload.net
and send me the link as a private message.
23.11.2010, 13:27
Member

Thread starter

Posts: 63
#7 Re 1.: No, unfortunately I don't remember anymore... somehow via the Sat1 Spiele forum.
Re 2.:
All processes killed
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <#6 sorry.> in the current context!
Error: Unable to interpret <1. weist du noch wo du den patch her hast? wenn ja, link an mich als private nachicht.> in the current context!
Error: Unable to interpret <2> in the current context!
Error: Unable to interpret <• Starte bitte die OTL.exe> in the current context!
Error: Unable to interpret <• Kopiere nun das Folgende in die Textbox.> in the current context!
========== OTL ==========
No active process named hotfix.exe was found!
No active process named Pbq.exe was found!
No active process named Pbo.exe was found!
No active process named Pbm.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HJRUDZ5DT2 not found.
File C:\Users\THEINC~1\AppData\Local\Temp\Pbm.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VeriFaceManager deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
File C:\Users\TheIncredible\AppData\Roaming\hotfix.exe not found.
C:\Users\TheIncredible\AppData\Roaming\scgdfgasfbh.bat moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TheIncredible
->Flash cache emptied: 109777 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TheIncredible
->Temp folder emptied: 91041977 bytes
->Temporary Internet Files folder emptied: 59924010 bytes
->Java cache emptied: 9695948 bytes
->FireFox cache emptied: 106153618 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39543608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 292,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11232010_132122

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
23.11.2010, 13:31
Member

Posts: 3716
#8 OK.
Please create and post a ComboFix log.
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
29.11.2010, 08:20
Member

Thread starter

Posts: 63
#9 ComboFix 10-11-28.04 - TheIncredible 29.11.2010 8:11.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2009.1164 [GMT 1:00]
ausgeführt von:: c:\users\TheIncredible\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\TheIncredible\AppData\Roaming\completescan
c:\users\TheIncredible\AppData\Roaming\install
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((( Dateien erstellt von 2010-10-28 bis 2010-11-29 ))))))))))))))))))))))))))))))
.

2010-11-29 07:18 . 2010-11-29 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-27 18:08 . 2010-11-27 18:08 -------- d-----w- c:\windows\system32\TVUAx
2010-11-26 17:14 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2E46CBF-60FC-4F1D-8485-03E09CA2864B}\mpengine.dll
2010-11-24 05:46 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 12:21 . 2010-11-23 12:26 -------- d-----w- C:\_OTL
2010-11-18 23:45 . 2010-11-18 23:45 -------- d-----w- c:\users\TheIncredible\AppData\Roaming\Princess Isabella CE
2010-11-18 19:47 . 2010-11-18 19:47 -------- d-----w- c:\users\TheIncredible\AppData\Roaming\Princess Isabella
2010-11-14 16:45 . 2010-11-14 16:45 -------- d-----w- c:\users\TheIncredible\AppData\Roaming\Malwarebytes
2010-11-14 16:45 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 16:45 . 2010-11-14 16:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-14 16:45 . 2010-11-14 16:45 -------- d-----w- c:\programdata\Malwarebytes
2010-11-14 16:45 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 11:24 . 2010-11-14 11:24 -------- d-----w- c:\windows\Sun
2010-11-13 22:53 . 2010-11-13 22:53 -------- d-----w- c:\programdata\Playrix Entertainment
2010-11-13 22:52 . 2010-11-13 22:53 -------- d-----w- c:\program files\Royal Envoy
2010-11-13 21:08 . 2010-11-13 21:08 -------- d-----w- c:\users\TheIncredible\AppData\Roaming\Sahmon Games
2010-11-13 21:07 . 2010-11-14 08:39 -------- d-----w- c:\program files\The Island - Castaway
2010-11-13 14:39 . 2010-11-13 14:39 -------- d-----w- c:\program files\SopCast
2010-11-13 11:33 . 2010-06-17 21:50 3890920 ----a-w- c:\windows\system32\GameMon.des
2010-11-13 11:32 . 2005-01-04 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-11-13 11:32 . 2003-07-20 18:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2010-11-13 11:32 . 2010-11-13 11:32 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-11-11 21:58 . 2010-11-11 21:58 -------- d-----w- c:\program files\gPotato.eu
2010-11-11 19:41 . 2010-11-11 19:47 622807012 ----a-w- c:\program files\Flyff_Eu_De_Setup.exe
2010-11-11 19:40 . 2010-11-11 19:40 -------- d-----w- c:\program files\Neffy
2010-11-11 16:18 . 2010-11-11 16:18 -------- d-----r- C:\MSOCache
2010-11-06 16:26 . 2010-11-06 16:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-06 16:26 . 2010-11-06 16:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-06 16:25 . 2010-11-06 17:09 -------- d-----w- c:\users\TheIncredible\AppData\Roaming\DAEMON Tools Lite
2010-11-06 16:25 . 2010-11-06 16:25 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-11-06 16:15 . 2010-11-06 17:05 -------- d-----w- C:\AliceSoft
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-05 20:31 . 2010-11-05 20:31 -------- d-----w- c:\program files\Crazy TV
2010-11-05 16:48 . 2010-11-05 16:48 -------- d-----w- c:\users\TheIncredible\AppData\Local\sowhat
2010-11-05 12:23 . 2010-11-05 12:23 -------- d-----w- c:\users\TheIncredible\AppData\Local\JollyBear
2010-11-05 12:23 . 2010-11-05 12:23 -------- d-----w- c:\programdata\JollyBear
2010-11-05 09:30 . 2010-11-05 09:30 -------- dc----w- c:\users\TheIncredible\.hAWabAzAr
2010-11-05 09:30 . 2010-11-05 09:30 -------- d-----w- c:\users\TheIncredible\AppData\Roaming\RobinHoodDifference
2010-11-05 09:29 . 2010-11-05 09:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-05 09:20 . 2010-11-05 09:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-05 09:19 . 2010-11-05 09:19 -------- d-----w- c:\programdata\McAfee
2010-11-04 09:20 . 2010-11-04 09:20 -------- d-----w- c:\users\TheIncredible\AppData\Local\Unity

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 06:03 . 2010-10-15 18:22 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-02 14:38 . 2010-10-15 18:22 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-19 09:41 . 2010-10-15 18:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-17 04:13 . 2009-07-14 14:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-13 20:56 . 2010-10-13 20:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-12 14:52 . 2010-10-14 14:45 149968 ----a-w- c:\users\TheIncredible\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2010-09-08 04:30 . 2010-10-14 12:21 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-14 12:21 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-14 12:20 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-14 12:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-14 12:20 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-14 12:20 2327552 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-10-13 2988400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-17 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GomezPEER.lnk - c:\program files\Gomez\GomezPEER\bin\GomezPEER.exe [2010-9-14 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTskMgr"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhdbst8g.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\TheIncredible\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhdbst8g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhdbst8g.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhdbst8g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: vShare Plugin: vshare@toolbar - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhdbst8g.default\extensions\vshare@toolbar
FF - Extension: Escamod: escamod@gmx.net0002 - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhdbst8g.default\extensions\escamod@gmx.net0002
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-29 08:19:46
ComboFix-quarantined-files.txt 2010-11-29 07:19

Vor Suchlauf: 7 Verzeichnis(se), 164.906.803.200 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 164.828.573.696 Bytes frei

- - End Of File - - D05DB253DB984E3E901E797B4D9B4F8C
04.12.2010, 02:08
Moderator

Posts: 5694
#10 Do the problems still persist for you?
04.12.2010, 05:51
Member

Thread starter

Posts: 63
#11 My PC runs at least 23 hours a day (that means overnight too)... at the moment my only problem is that the PC is then frozen in the morning (the mouse moves, but clicking, double-clicking, or simply bringing up the taskbar by mouse-over doesn't work... the only thing that still works is Ctrl+Alt+Del, and even then the PC can't be shut down and Task Manager can't be opened) and can only be brought back to life by brutally cutting the power.
Since the laptop is still relatively new, I don't know whether that is "normal" or an after-effect of the infection.
Otherwise I have no more problems... but I have also disabled IE under Windows.
04.12.2010, 11:19
Member
Avatar Xeper

Posts: 5291
#12 No, that behaviour is of course not normal, but I have other concerns about running a notebook >= 23h.
I would rather advise against it; if it is necessary, better use a desktop machine - you will run into other problems than just software.
__________
E-Mail: therion at ninth-art dot de
IRC: megatherion @ Freenode
22.12.2010, 21:13
Member

Posts: 3716
#13 Sorry, I totally forgot about you...
Which problems are still occurring?
24.12.2010, 22:56
Member

Thread starter

Posts: 63
#14 Only what I described.
The laptop can't cope when the power-saving mode (screen off) kicks in.
Afterwards I can get the screen back on and move the mouse, but that's about it; only a forced shutdown helps.

Double-click, right mouse button, mouse-over effects (making the hidden taskbar visible again) and a simple click with the left button don't work... I can only move the mouse.

Keyboard shortcuts (Ctrl+Alt+Del) do work... but when I then try to open Task Manager I only see an hourglass.

I have the feeling it's down to this Energy Management system from Lenovo, but I think I have gone through all the settings there for power-saving mode etc.

Otherwise, Merry Christmas!