Pc Desktop nicht sichtbar

Stefan2k10 · 08.08.2010, 13:07

Hallo,

Ich benötige Hilfe. Heute startete ich meinen PC. Alles lief normal. Als ich mich bei meinem Account einloggte dauerte dies extrem lange. nach 2 min erschien dann der Desktop bzw. nur das Hintergrundbild. keine icons keine startleiste. einfach nichts.

Habe mir hierzu schon mal einen Thread im Trojaner Board durchgelesen

http://www.trojaner-board.de/26843-n...icht-mehr.html

und werde auch mal mein HijackThis Logfile posten. Bitte helft mir.

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:58:11, on 08.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\test\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programme\Styler\Styler.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
D:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll
F2 - REG:system.ini: Shell=Explorer.exe,C:\WINDOWS\system32\test\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\test\svchost.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\Styler\TB\StylerTB.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgsr] C:\WINDOWS\system32\test\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Programme\DynDNS Updater\DynTray.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://D:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{25227DB1-89D5-42B3-B89B-1CE62B34B5DD}: NameServer = 216.146.35.35,216.146.36.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{456CCD60-1572-4C4E-BEFB-B6FD4BE83EAB}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6D6619D-C433-4E3D-A039-3188EC661AAF}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Programme\DynDNS Updater\DynUpSvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: svchost - Skype Technologies S.A. - C:\WINDOWS\system32\test\svchost.exe

--
End of file - 9162 bytes

--- --- ---

cosinus · 08.08.2010, 13:51

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Stefan2k10 · 08.08.2010, 17:10

Inzwischen habe ich meinen Desktop wieder wenn ich per ausführen explorer.exe starte. nach pc neustart jedoch startet sie nicht von alleine.

Hier die Logfiles:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4406

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.08.2010 18:00:22
mbam-log-2010-08-08 (18-00-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 334364
Laufzeit: 1 Stunde(n), 48 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{pjlb1-7nejtal-p3jlt-21meks-jhrgkg01t} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svchost (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnmsgsr (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Generic.Bot.H) -> Data: c:\windows\system32\test\svchost.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Generic.Bot.H) -> Data: system32\test\svchost.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\test\svchost.exe) Good: (Userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\test\svchost.exe (Generic.Bot.H) -> No action taken.
D:\Downloads\keygen.exe (RiskWare.Tool.CK) -> No action taken.
D:\Downloads\Alt\EasyAccount.exe (RiskWare.Tool.CK) -> No action taken.
D:\Eigene Dateien\ICQ\224593284\ReceivedFiles\433414417 Lan zocker Flo\Call of Duty 2 Server\patch.exe (Spyware.Passwords) -> No action taken.
D:\Eigene Dateien\ICQ\224593284\ReceivedFiles\433414417 Lan zocker Flo\Call of Duty 4 1.0\Call.Of.Duty.4.Modern.Warfare_KEYGEN-FFF.exe (HackTool.Keygen) -> No action taken.
D:\Eigene Dateien\ICQ\224593284\ReceivedFiles\483465050 J@nis\vtl-bf2k.exe (Trojan.Agent) -> No action taken.
D:\Hackz\COD4\h3he´s Multihack V2\h3heV2.dll (Malware.Packer) -> No action taken.
D:\Hackz\CoD6\Catalyst aim\hack2.dll (Trojan.Agent) -> No action taken.
D:\Hackz\CoD6\Catalyst aim\hack2.exe (Trojan.Agent) -> No action taken.
D:\Hackz\Mueters Multigame\Cleanup.exe (Trojan.Banker) -> No action taken.
D:\Hackz\Mueters Multigame\Injector.exe (Trojan.Banker) -> No action taken.
D:\System Volume Information\_restore{34FA345D-A41F-44B1-9AA7-7C6C47300F17}\RP387\A0123851.exe (Trojan.Agent.CK) -> No action taken.
D:\System Volume Information\_restore{770A2AC3-3C1F-4959-8DAE-C6866778B7BA}\RP159\A0055469.exe (Trojan.Banker) -> No action taken.
D:\System Volume Information\_restore{770A2AC3-3C1F-4959-8DAE-C6866778B7BA}\RP159\A0055471.exe (Trojan.Banker) -> No action taken.
D:\System Volume Information\_restore{770A2AC3-3C1F-4959-8DAE-C6866778B7BA}\RP192\A0067518.dll (Malware.Packer) -> No action taken.

DIe anderen beiden:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.08.2010 18:08:31 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = D:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 10,57 Gb Free Space | 21,66% Space Free | Partition Type: NTFS
Drive D: | 416,92 Gb Total Space | 156,95 Gb Free Space | 37,64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ST3F4N
Current User Name: Stefan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\X-FIre\Xfire\xfire.exe (Xfire Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\TS3\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\WINDOWS\system32\test\svchost.exe (Skype Technologies S.A.)
PRC - C:\Programme\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
PRC - C:\Programme\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Styler\Styler.exe (ta2027)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - D:\Programme\X-FIre\Xfire\xfire_toucan_43094.dll (Xfire Inc.)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\Programme\Styler\StylerHelper.dll (ta2027)
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (svchost) -- C:\WINDOWS\system32\test\svchost.exe (Skype Technologies S.A.)
SRV - (DynDNS Updater) -- C:\Programme\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100529
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programme\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.07.24 20:53:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.07.24 20:53:35 | 000,000,000 | ---D | M]
 
[2010.01.20 20:17:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Extensions
[2010.08.08 07:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\extensions
[2010.04.27 13:25:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.08 17:07:49 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.07.19 16:07:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\extensions\battlefieldheroespatcher@ea.com
[2010.05.29 15:44:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\extensions\cfxe@Triton
[2010.05.29 15:44:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\extensions\cfxHelper@Triton
[2010.05.30 11:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\extensions\nasanightlaunch@example.com
[2009.07.01 15:19:32 | 000,000,894 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\brwr7jsp.default\searchplugins\conduit.xml
 
O1 HOSTS File: ([2010.08.08 17:16:56 | 000,415,965 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14357 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgsr] C:\WINDOWS\system32\test\svchost.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DynDNS Updater Tray Icon.lnk = C:\Programme\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SetPointII.lnk = C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\Styler.lnk = C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.20 19:26:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f8add50-8770-11df-8c34-00ff01000001}\Shell\AutoRun\command - "" = sp1jensi.exe
O33 - MountPoints2\{0f8add50-8770-11df-8c34-00ff01000001}\Shell\open\Command - "" = sp1jensi.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.08 15:56:43 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.08 15:56:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.08.08 15:46:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Malwarebytes
[2010.08.08 15:46:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.08 15:46:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.08 15:46:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.08 14:09:16 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.08.08 14:09:15 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.08.08 14:09:14 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.08.08 14:09:12 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\REGEDIT.COM
[2010.08.08 14:09:12 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.08.08 14:09:12 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TASKMGR.COM
[2010.08.08 14:09:12 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.08.08 14:09:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.08.08 14:09:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.08.08 12:08:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\test
[2010.08.08 12:03:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2010.08.05 18:58:00 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Stefan\Recent
[2010.08.02 14:19:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\SecuROM
[2010.08.02 14:19:12 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.07.30 05:50:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\HLSW
[2010.07.27 14:00:34 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2010.07.27 14:00:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DAEMON Tools Lite
[2010.07.27 14:00:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.07.26 23:23:12 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2010.07.26 23:23:07 | 000,000,000 | ---D | C] -- C:\Programme\CoD RconTool
[2010.07.22 19:48:25 | 000,000,000 | ---D | C] -- C:\Programme\BF2 Rcon
[2010.07.22 19:48:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Deployment
[2010.07.19 14:47:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Zattoo
[2010.07.19 14:44:06 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[2010.07.19 08:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch
[2010.07.19 08:36:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.07.15 22:53:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Desktop\Womenizer
[2010.07.14 11:09:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.10 13:53:37 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Eigene Musik
[2010.07.10 07:16:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\NeroVision
[2010.07.10 07:14:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Ahead
[2010.07.10 07:14:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Ahead
[2010.07.10 07:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2010.07.10 07:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Ahead
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.08 18:06:39 | 000,820,151 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\pinfect.zip
[2010.08.08 18:01:58 | 010,485,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\Stefan\NTUSER.DAT
[2010.08.08 17:16:56 | 000,415,965 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.08 16:41:28 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.08.08 16:00:38 | 000,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.08.08 15:56:48 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Spybot - Search & Destroy.lnk
[2010.08.08 15:46:44 | 000,000,555 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 15:45:34 | 000,002,239 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\Styler.lnk
[2010.08.08 14:09:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.08.08 14:09:15 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.08.08 14:09:14 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.08.08 14:09:13 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.08.08 13:57:16 | 000,001,986 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\HiJackThis.lnk
[2010.08.08 13:40:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.08 13:40:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.08 13:39:54 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Stefan\ntuser.ini
[2010.08.07 12:13:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.08.07 06:17:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.07 06:17:08 | 000,048,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.06 18:35:13 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.08.06 09:56:11 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.05 11:50:18 | 000,042,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.05 10:46:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.04 16:51:57 | 000,000,560 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Trancebase.pls
[2010.08.04 13:20:34 | 000,000,560 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Technobase.pls
[2010.08.03 19:45:05 | 002,641,820 | -H-- | M] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.02 14:19:12 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.07.28 11:57:48 | 000,179,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\pc 1.PNG
[2010.07.27 14:00:44 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.26 21:52:03 | 000,000,701 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DynDNS Updater Tray Icon.lnk
[2010.07.26 08:36:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.23 20:58:20 | 000,000,114 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\default.pls
[2010.07.23 13:07:27 | 001,043,984 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.23 13:07:27 | 000,458,806 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.23 13:07:27 | 000,440,820 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.23 13:07:27 | 000,084,516 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.23 13:07:27 | 000,071,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.22 19:39:55 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2010.07.19 16:10:31 | 000,138,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\PnkBstrK.sys
[2010.07.19 16:10:11 | 002,427,248 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010.07.19 14:49:00 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.07.16 23:09:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\window-title-changer.INI
[2010.07.09 21:04:40 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.08 18:06:40 | 000,820,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\pinfect.zip
[2010.08.08 15:56:48 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Spybot - Search & Destroy.lnk
[2010.08.08 15:46:44 | 000,000,555 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 14:09:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.08.08 14:09:14 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.08.08 13:57:16 | 000,001,986 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\HiJackThis.lnk
[2010.08.07 12:13:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.08.04 16:53:25 | 000,000,560 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Trancebase.pls
[2010.08.04 13:20:56 | 000,000,560 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Technobase.pls
[2010.07.28 11:57:46 | 000,179,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\pc 1.PNG
[2010.07.27 14:00:44 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.07.26 21:52:03 | 000,000,701 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DynDNS Updater Tray Icon.lnk
[2010.07.19 14:47:18 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.07.16 23:09:03 | 000,000,037 | ---- | C] () -- C:\WINDOWS\window-title-changer.INI
[2010.07.10 07:22:16 | 000,000,114 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\default.pls
[2010.07.10 07:22:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.05.02 07:33:16 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010.04.08 17:45:28 | 000,000,276 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.03.10 17:22:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2010.02.15 12:06:44 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.02.15 12:06:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010.02.15 12:04:13 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.02.10 19:33:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2010.01.21 17:21:21 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000096.DLL
< End of report >

--- --- ---

OTL Extras logfile created on: 08.08.2010 18:08:31 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 10,57 Gb Free Space | 21,66% Space Free | Partition Type: NTFS
Drive D: | 416,92 Gb Total Space | 156,95 Gb Free Space | 37,64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ST3F4N
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57199:TCP" = 57199:TCP:*:Enabled:Pando Media Booster
"57199:UDP" = 57199:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"57199:TCP" = 57199:TCP:*:Enabled:Pando Media Booster
"57199:UDP" = 57199:UDP:*:Enabled:Pando Media Booster
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"6901:TCP" = 6901:TCP:*:Enabled:League of Legends Launcher
"6901:UDP" = 6901:UDP:*:Enabled:League of Legends Launcher
"6902:TCP" = 6902:TCP:*:Enabled:League of Legends Launcher
"6902:UDP" = 6902:UDP:*:Enabled:League of Legends Launcher
"6882:TCP" = 6882:TCP:*:Enabled:League of Legends Launcher
"6882:UDP" = 6882:UDP:*:Enabled:League of Legends Launcher
"6896:TCP" = 6896:TCP:*:Enabled:League of Legends Launcher
"6896:UDP" = 6896:UDP:*:Enabled:League of Legends Launcher
"6977:TCP" = 6977:TCP:*:Enabled:League of Legends Launcher
"6977:UDP" = 6977:UDP:*:Enabled:League of Legends Launcher
"6931:TCP" = 6931:TCP:*:Enabled:League of Legends Launcher
"6931:UDP" = 6931:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Spiele\CBA\Combat Arms\CombatArms.exe" = D:\Spiele\CBA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Spiele\CBA\Combat Arms\Engine.exe" = D:\Spiele\CBA\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"D:\Spiele\CBA\Combat Arms EU\CombatArms.exe" = D:\Spiele\CBA\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Spiele\CBA\Combat Arms EU\Engine.exe" = D:\Spiele\CBA\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\X-FIre\Xfire\xfire.exe" = D:\Programme\X-FIre\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Spiele\EA Games\BF2.exe" = D:\Spiele\EA Games\BF2.exe:*:Enabled:Battlefield 2 -- File not found
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"D:\Spiele\Valve\!! CSS CSS CSS CSS CSS CSS CSS CSS\hl2.exe" = D:\Spiele\Valve\!! CSS CSS CSS CSS CSS CSS CSS CSS\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Programme\X-FIre\Steam\steam.exe" = D:\Programme\X-FIre\Steam\steam.exe:*:Enabled:Steam 732897 -- (Valve Corporation)
"C:\Programme\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- File not found
"C:\Programme\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA -- File not found
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"D:\Spiele\Valve\Valve\CSS\hl2.exe" = D:\Spiele\Valve\Valve\CSS\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Spiele\Valve\CSS SSERVER\Counter-Strike Source\srcds.exe" = D:\Spiele\Valve\CSS SSERVER\Counter-Strike Source\srcds.exe:*:Enabled:srcds -- File not found
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"D:\Spiele\League of Legends\League of Legends\Air\LolClient.exe" = D:\Spiele\League of Legends\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"D:\Spiele\League of Legends\League of Legends\Game\League of Legends.exe" = D:\Spiele\League of Legends\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Server\Lan Server (Standard mit Port 28961)\iw3mp.exe" = D:\Server\Lan Server (Standard mit Port 28961)\iw3mp.exe:*:Enabled:iw3mp -- File not found
"D:\Server\Lan Server (ProMod Live)\iw3mp.exe" = D:\Server\Lan Server (ProMod Live)\iw3mp.exe:*:Enabled:iw3mp -- File not found
"D:\Programme\X-FIre\Steam\SteamApps\borgholzkaempfer\day of defeat source\hl2.exe" = D:\Programme\X-FIre\Steam\SteamApps\borgholzkaempfer\day of defeat source\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Spiele\Activision\Nummer 4 Games\iw3mp.exe" = D:\Spiele\Activision\Nummer 4 Games\iw3mp.exe:*:Enabled:iw3mp -- ()
"D:\Spiele\Valve\Valve\hl.exe" = D:\Spiele\Valve\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\EA GAMES\Battlefield 2\bf2_w32ded.exe" = C:\Programme\EA GAMES\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded -- ()
"C:\Programme\Heroes of Newerth\hon.exe" = C:\Programme\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth -- File not found
"C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"D:\Spiele\League of Legends\Air\LolClient.exe" = D:\Spiele\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"D:\Spiele\League of Legends\Game\League of Legends.exe" = D:\Spiele\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"D:\Spiele\League of Legends\lol.launcher.exe" = D:\Spiele\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- File not found
"C:\Programme\THQ\Company of Heroes\RelicCOH.exe" = C:\Programme\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"C:\Programme\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Programme\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\1d11aced9cb14f33925427cbdf83e430\RelicDownloader.exe" = C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\1d11aced9cb14f33925427cbdf83e430\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Programme\EslWire\wire.exe" = C:\Programme\EslWire\wire.exe:*:Enabled:ESL Wire Client -- (Turtle Entertainment GmbH)
"D:\Spiele\Valve\UrbanTerror\ioUrbanTerror.exe" = D:\Spiele\Valve\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror -- File not found
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\LoL USA\air\LolClient.exe" = C:\Programme\LoL USA\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Programme\LoL USA\game\League of Legends.exe" = C:\Programme\LoL USA\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"D:\Spiele\CBA\Combat Arms\CombatArms.exe" = D:\Spiele\CBA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Spiele\CBA\Combat Arms\Engine.exe" = D:\Spiele\CBA\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"D:\Spiele\CBA\Combat Arms EU\CombatArms.exe" = D:\Spiele\CBA\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Spiele\CBA\Combat Arms EU\Engine.exe" = D:\Spiele\CBA\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Programme\Extreme Thumbnail Generator\ETG.exe" = C:\Programme\Extreme Thumbnail Generator\ETG.exe:*:Enabled:Extreme Thumbnail Generator -- (Extreme Internet Software)
"D:\Spiele\TmNationsForever\TmForever.exe" = D:\Spiele\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"D:\Programme\X-FIre\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = D:\Programme\X-FIre\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"D:\Programme\X-FIre\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = D:\Programme\X-FIre\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"D:\Eigene Dateien\ICQ\224593284\ReceivedFiles\433414417 Lan zocker Flo\Call of Duty 4 1.7 Siggi\iw3mp.exe" = D:\Eigene Dateien\ICQ\224593284\ReceivedFiles\433414417 Lan zocker Flo\Call of Duty 4 1.7 Siggi\iw3mp.exe:*:Enabled:iw3mp -- ()
"D:\Activision\Server\iw3mp.exe" = D:\Activision\Server\iw3mp.exe:*:Enabled:iw3mp -- ()
"D:\Eigene Dateien\xampp\php\php.exe" = D:\Eigene Dateien\xampp\php\php.exe:*:Enabled:CLI -- (The PHP Group)
"D:\Spiele\HL 1 CS DOD\hl.exe" = D:\Spiele\HL 1 CS DOD\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
"C:\Programme\HLSW\hlsw.exe" = C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application -- File not found
"D:\Spiele\Orange Box Games\hl2.exe" = D:\Spiele\Orange Box Games\hl2.exe:*:Enabled:hl2 -- ()
"D:\Programme\X-FIre\Steam\SteamApps\borgholzkaempfer\counter-strike source\hl2.exe" = D:\Programme\X-FIre\Steam\SteamApps\borgholzkaempfer\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"D:\Programme\X-FIre\Steam\SteamApps\common\audiosurf\engine\QuestViewer.exe" = D:\Programme\X-FIre\Steam\SteamApps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf -- ()
"C:\Dokumente und Einstellungen\Stefan\Desktop\crack.exe" = C:\Dokumente und Einstellungen\Stefan\Desktop\crack.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\test\svchost.exe" = C:\WINDOWS\system32\test\svchost.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01840D1A-3B62-1E2A-9997-C9B9007F1E5F}" = Catalyst Control Center Core Implementation
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe
"{09F4655B-C804-4AD0-B7DF-078E338F8F85}" = League of Legends
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{32BAA79B-CBB2-3693-A0E3-71EA4A1E9761}" = ccc-core-static
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33BA828D-CF19-0B52-8483-61FCFD83F75D}" = Catalyst Control Center HydraVision Full
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362CCC45-63D1-9688-C74D-F32F1B0CD919}" = CCC Help English
"{4183E4E3-F943-416C-D4E1-0673F1CBA6E1}" = ccc-utility
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FAC221-570C-A7A2-10FF-30F3BDDED603}" = Catalyst Control Center Graphics Light
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77C4F53F-8618-B4AC-A54D-694CA504BC2E}" = Catalyst Control Center Graphics Full Existing
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83729FE3-6785-476A-91F1-312D427B4522}" = League of Legends
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{936B67BE-1EB4-4D98-815A-EA1E75FFED2F}" = Counter-Strike Source Final 07102004
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A52C4BAB-E8E7-906E-EF34-91EA765505BE}" = ccc-core-preinstall
"{A778A787-08A4-4089-CB68-02A9737DE532}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE12677C-F7D2-45A8-BBF9-0FC0B972EDC3}" = League of Legends
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB2E2ED5-DE74-F09D-3B23-0C4BA51D8C60}" = Catalyst Control Center Graphics Previews Common
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC18317E-BB91-4502-8909-E5AB70BC1031}" = Nero 7 Essentials
"{FD3D9B16-44E4-4231-E1E2-85C40A115F87}" = ATI Catalyst Install Manager
"{FDE0EEEA-B1CD-BFED-22BB-AD87B886CC47}" = Catalyst Control Center Graphics Full New
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.2
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"4t Tray Minimizer_is1" = 4t Tray Minimizer Free 4.40
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast5" = avast! Free Antivirus
"AVIConverter" = AVIConverter 3.0
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CoD RconTool 10" = CoD RconTool 10
"Combat Arms" = Combat Arms
"Combat Arms EU" = Combat Arms EU
"Company of Heroes" = Company of Heroes
"Counter-Strike: Source" = Counter-Strike: Source
"D-Link VGA Webcam" = D-Link VGA Webcam
"DynDNSUpdater" = DynDNS Updater
"eBay Icon" = eBay Icon
"Electronic Sports League GUI2.10.7" = Electronic Sports League GUI
"ESL Wire_is1" = ESL Wire 1.4
"Extreme Thumbnail Generator_is1" = Extreme Thumbnail Generator 1.16
"FileZilla Client" = FileZilla Client 3.2.7.1
"HLSW_is1" = HLSW v1.3.3.7b
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MUETERS Streamer" = MUETERS Streamer
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.2
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12910" = Audiosurf Demo
"Steam App 33310" = R.U.S.E. Beta
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6a17eec236c1770d" = Battlefield 2 Remote Server Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"QUICKMEDIACONVERTER" = QMC
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.05.2010 14:24:37 | Computer Name = ST3F4N | Source = BugSplat | ID = 1
Description =

Error - 13.05.2010 14:59:15 | Computer Name = ST3F4N | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung lol.launcher.exe, Version 1.0.0.29, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 26.05.2010 04:07:26 | Computer Name = ST3F4N | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung java.exe, Version 6.0.200.2, fehlgeschlagenes
Modul java.dll, Version 6.0.200.2, Fehleradresse 0x00005875.

Error - 29.05.2010 15:24:52 | Computer Name = ST3F4N | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 01.06.2010 09:15:15 | Computer Name = ST3F4N | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 49ef8e09, P4 mscorlib,
P5 2.0.0.0, P6 4a7cd8f7, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 02.06.2010 09:03:04 | Computer Name = ST3F4N | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung lol.launcher.exe, Version 1.0.0.29, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 05.06.2010 09:03:38 | Computer Name = ST3F4N | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung League of Legends.exe, Version 1.0.0.86, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 06.06.2010 04:16:03 | Computer Name = ST3F4N | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 08.06.2010 11:42:10 | Computer Name = ST3F4N | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul java.dll, Version 6.0.200.2, Fehleradresse 0x00005875.

Error - 09.06.2010 14:55:35 | Computer Name = ST3F4N | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 7.2.0.3129, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 07.08.2010 13:07:23 | Computer Name = ST3F4N | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 07.08.2010 13:07:23 | Computer Name = ST3F4N | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 07.08.2010 21:53:56 | Computer Name = ST3F4N | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 08.08.2010 05:57:37 | Computer Name = ST3F4N | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 08.08.2010 07:34:13 | Computer Name = ST3F4N | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst svchost.

Error - 08.08.2010 07:34:14 | Computer Name = ST3F4N | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 08.08.2010 07:36:58 | Computer Name = ST3F4N | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst svchost.

Error - 08.08.2010 07:36:59 | Computer Name = ST3F4N | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 08.08.2010 07:41:00 | Computer Name = ST3F4N | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst svchost.

cosinus · 08.08.2010, 17:20

Zitat:

D:\Downloads\keygen.exe (RiskWare.Tool.CK) -> No action taken.
D:\Downloads\Alt\EasyAccount.exe (RiskWare.Tool.CK) -> No action taken.
D:\Eigene Dateien\ICQ\224593284\ReceivedFiles\433414417 Lan zocker Flo\Call of Duty 2 Server\patch.exe (Spyware.Passwords) -> No action taken.
D:\Eigene Dateien\ICQ\224593284\ReceivedFiles\433414417 Lan zocker Flo\Call of Duty 4 1.0\Call.Of.Duty.4.Modern.Warfare_KEYGEN-FFF.exe (HackTool.Keygen) -> No action taken.

Sry, aber Du hast mit diesen dubiosen und illegalen Tools die Infektion mutwillig herbeigeführt.

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

Stefan2k10 · 08.08.2010, 17:28

Okey,

Trotzdem danke für die hilfe.

Pc Desktop nicht sichtbar

Log-Analyse und Auswertung: Pc Desktop nicht sichtbar