Trojaner-Board - WORM/Runfer.dcj keine ahnung wo es ist

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - WORM/Runfer.dcj keine ahnung wo es ist (https://www.trojaner-board.de/86742-worm-runfer-dcj-keine-ahnung.html)

WORM/Runfer.dcj keine ahnung wo es ist

Hallo

Ich habe das folgende Problem das ich mir gerade einen Wurm geladen habe.
In Google habe ich bereits nach ihm gesucht habe aber nichts gefunden.
Wäre net wenn mir einer weiterhelfen könnte hier hab ich sicherheitshalber nochmal die log datei mit hijackthis rein kopiert.
Ich entschuldige mich schonmal falls ich hier etwas ungenau oder falsch gemacht habe, da es das erste mal ist das ich hier um hilfe suche.
HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:25:33, on 04.06.2005

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\Programme\LogMeIn Hamachi\hamachi-2.exe

C:\Programme\Hotspot Shield\bin\openvpnas.exe

C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe

C:\Programme\Hotspot Shield\bin\hsswd.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Programme\PDF Complete\pdfsvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\programme\steam\steam.exe

C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auto Desktop Background Changer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programme\MSI\US54SE_Utility\ZDWlan.exe

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client\ts3client_win32.exe

C:\Programme\Windows Media Player\wmplayer.exe

C:\Programme\Xfire\Xfire.exe

C:\Programme\Windows Live\Messenger\msnmsgr.exe

C:\Programme\Windows Live\Contacts\wlcomm.exe

C:\Programme\Avira\AntiVir Desktop\avcenter.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Avira\AntiVir Desktop\avscan.exe

C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\stinger1001870.exe

C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\HiJackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2312724

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.icq.com/download/skins/?icid=lsp_1

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} -  - (no file)

R3 - URLSearchHook: Softonic Deutsch AQ Toolbar - {303297e2-08a0-46b2-aad8-d680e8140f13} - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Softonic Deutsch AQ Toolbar - {303297e2-08a0-46b2-aad8-d680e8140f13} - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: Softonic Deutsch AQ Toolbar - {303297e2-08a0-46b2-aad8-d680e8140f13} - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe 

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Auto Desktop Background Changer.lnk = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auto Desktop Background Changer.exe

O4 - Global Startup: MSI US54SE 802.11b+g USB Stick Utility.lnk = C:\Programme\MSI\US54SE_Utility\ZDWlan.exe

O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programme\Xilisoft\YouTube Video Converter\upod_link.HTM

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261774811734

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Programme\Hotspot Shield\bin\hsswd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programme\PDF Complete\pdfsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
 

--

End of file - 8843 bytes

--- --- ---

Hallo und :hallo:

bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Der OTL scann ist schon fertig jetzt mache ich denn vollscan mit malwarebytes.
Hier die Logfiles.

OTL Logfile:

Code:

OTL logfile created on: 04.06.2010 14:41:17 - Run 1

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 4,92 Gb Free Space | 3,30% Space Free | Partition Type: NTFS

Drive D: | 232,88 Gb Total Space | 113,56 Gb Free Space | 48,76% Space Free | Partition Type: NTFS

Drive E: | 6,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SYNT

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Xfire\Xfire.exe (Xfire Inc.)

PRC - C:\Programme\Steam\steam.exe (Valve Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()

PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()

PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auto Desktop Background Changer.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)

PRC - C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)

PRC - C:\WINDOWS\system32\PSIService.exe ()

PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Programme\MSI\US54SE_Utility\ZDWlan.exe ()

PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

PRC - C:\WINDOWS\system32\LckFldService.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Programme\Xfire\xfire_toucan_42784.dll (Xfire Inc.)

MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3697.dll ()

SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()

SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()

SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (pdfcDispatcher) -- C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (LckFldService) -- C:\WINDOWS\system32\LckFldService.exe ()

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)

DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)

DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)

DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)

DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)

DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)

DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)

DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)

DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2312724

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {303297e2-08a0-46b2-aad8-d680e8140f13} - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch AQ Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2312724&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch AQ Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5

FF - prefs.js..extensions.enabledItems: npmozax31@real.com:3.1

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.5

FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2312724&SearchSource=2&q="

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.13 18:47:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2005.06.03 23:56:53 | 000,000,000 | ---D | M]

 

[2009.12.21 17:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2010.06.03 22:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1r55swub.default\extensions

[2010.03.24 20:42:13 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1r55swub.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2010.02.19 14:19:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1r55swub.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009.06.11 09:32:20 | 000,000,900 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1r55swub.default\searchplugins\conduit.xml

[2010.06.01 16:00:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1r55swub.default\searchplugins\icqplugin-1.xml

[2009.10.14 19:13:26 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1r55swub.default\searchplugins\icqplugin.xml

[2010.06.03 22:57:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.01.30 01:48:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\npmozax31@real.com

[2009.03.30 18:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npraclient.dll

[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2010.03.12 16:05:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.12 16:05:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.12 16:05:25 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.12 16:05:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.12 16:05:25 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.02.28 09:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Softonic Deutsch AQ Toolbar) - {303297e2-08a0-46b2-aad8-d680e8140f13} - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)

O3 - HKLM\..\Toolbar: (Softonic Deutsch AQ Toolbar) - {303297e2-08a0-46b2-aad8-d680e8140f13} - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch AQ Toolbar) - {303297E2-08A0-46B2-AAD8-D680E8140F13} - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz]  File not found

O4 - HKCU..\Run: [Steam] c:\programme\steam\steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Auto Desktop Background Changer.lnk = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auto Desktop Background Changer.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MSI US54SE 802.11b+g USB Stick Utility.lnk = C:\Programme\MSI\US54SE_Utility\ZDWlan.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programme\Xilisoft\YouTube Video Converter\upod_link.HTM ()

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261774811734 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.10.27 20:36:11 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.06.04 14:31:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2010.06.04 14:31:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.06.04 14:31:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.06.04 14:31:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.06.04 14:31:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.06.03 21:55:46 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll

[2010.06.03 21:55:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Image-Line

[2010.06.03 21:55:28 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm

[2010.06.03 21:55:14 | 000,000,000 | ---D | C] -- C:\Programme\VstPlugins

[2010.06.03 21:55:10 | 000,000,000 | ---D | C] -- C:\Programme\Outsim

[2010.05.27 14:04:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\2-Dateien

[2010.05.25 13:15:08 | 000,000,000 | ---D | C] -- C:\Programme\Steam

[2010.05.20 18:30:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71FRA.DLL

[2010.05.20 18:30:48 | 000,964,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70u.dll

[2010.05.20 18:30:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70ita.dll

[2010.05.20 18:30:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70fra.dll

[2010.05.20 18:30:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70esp.dll

[2010.05.20 18:30:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70deu.dll

[2010.05.20 18:30:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70enu.dll

[2010.05.20 18:30:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70kor.dll

[2010.05.20 18:30:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70jpn.dll

[2010.05.20 18:30:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70cht.dll

[2010.05.20 18:30:48 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70chs.dll

[2010.05.20 18:30:47 | 000,151,040 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8S.DLL

[2010.05.20 18:30:47 | 000,126,464 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32PR8.DLL

[2010.05.20 18:30:47 | 000,115,712 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32UT8.DLL

[2010.05.20 18:30:47 | 000,079,872 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32MM8.DLL

[2010.05.20 18:30:46 | 001,730,048 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8.DLL

[2010.05.20 18:30:46 | 000,905,216 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8OB.LLX

[2010.05.20 18:30:46 | 000,369,664 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cm32l800.lng

[2010.05.20 18:30:46 | 000,340,992 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32DW8.DLL

[2010.05.20 18:30:45 | 000,505,344 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32CT8.DLL

[2010.05.20 18:30:45 | 000,114,688 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32CR8.DLL

[2010.05.20 18:30:45 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll

[2010.05.20 18:28:47 | 000,000,000 | ---D | C] -- C:\Programme\Degener

[2010.05.10 23:57:19 | 000,000,000 | ---D | C] -- C:\WMP3E_PRO

[2010.05.10 23:57:06 | 000,000,000 | ---D | C] -- C:\Programme\Code-it Software

[2010.05.10 23:56:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2010.05.10 23:36:20 | 000,000,000 | ---D | C] -- C:\Soldat

[2010.05.10 23:36:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Soldat

[2010.05.10 00:42:47 | 000,839,680 | ---- | C] (www.dennisbabkin.com) -- C:\Dokumente und Einstellungen\Administrator\Desktop\wosb.exe

[2010.05.10 00:41:49 | 000,000,000 | ---D | C] -- C:\Programme\VHPD

[2010.05.06 23:22:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Zelda Collection

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.06.04 14:31:05 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.06.04 14:20:25 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.06.04 14:20:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.04 14:06:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.04 14:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.04 14:06:04 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys

[2010.06.04 05:21:33 | 005,767,168 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT

[2010.06.04 05:21:33 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini

[2010.06.04 04:32:26 | 000,206,986 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ts3_clientui-win32-11239-2010-06-04 04_32_23.156250.dmp

[2010.06.02 23:34:39 | 000,001,318 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TeamSpeak 3 Client.lnk

[2010.06.02 23:20:56 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Day of Defeat Source.url

[2010.06.02 15:27:30 | 000,219,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2010.06.02 15:23:52 | 000,138,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010.05.30 14:17:40 | 000,000,311 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Textdokument (4).html

[2010.05.28 02:09:00 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

[2010.05.27 20:44:57 | 000,001,212 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010.05.27 20:39:28 | 000,073,132 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\liebe-gedicht.jpg

[2010.05.27 20:39:17 | 000,028,788 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\gedicht.jpg

[2010.05.27 20:29:30 | 000,049,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\7567321.jpg

[2010.05.27 20:27:04 | 000,057,267 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Gedicht-Freundschaft.gif

[2010.05.27 14:04:53 | 000,001,082 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\2.htm

[2010.05.26 19:38:37 | 004,264,206 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.05.26 18:23:18 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\mslck.dat

[2010.05.25 22:18:12 | 000,028,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ztds.jpg

[2010.05.25 22:17:19 | 000,041,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\redsfgerd.jpg

[2010.05.25 22:17:08 | 000,919,202 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\IMG_8677.JPG

[2010.05.25 22:17:00 | 000,069,481 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenannt.jpg

[2010.05.25 21:03:33 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini

[2010.05.25 13:47:57 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Left 4 Dead.url

[2010.05.25 13:34:28 | 000,000,636 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk

[2010.05.24 15:31:58 | 000,000,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\oLZtkEOg0nRt1qnJwpzdKsDgDrHxEbYXMtBIHw0f71o.htm

[2010.05.24 03:53:11 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin

[2010.05.20 18:30:52 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Didi V3.lnk

[2010.05.16 04:49:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2010.05.11 21:10:29 | 002,395,067 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Charlotte 218.jpg

[2010.05.10 23:57:14 | 000,001,900 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wave MP3 Editor LT.lnk

[2010.05.10 23:36:34 | 000,001,417 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Soldat Manual.lnk

[2010.05.10 23:36:34 | 000,000,494 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Soldat.lnk

[2010.05.10 23:36:34 | 000,000,487 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Soldat Mod Starter.lnk

[2010.05.10 00:41:49 | 000,000,899 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Smart Shutdown Manager.lnk

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.06.04 14:31:05 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.06.04 04:32:23 | 000,206,986 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ts3_clientui-win32-11239-2010-06-04 04_32_23.156250.dmp

[2010.06.02 23:34:39 | 000,001,318 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TeamSpeak 3 Client.lnk

[2010.06.02 23:20:56 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Day of Defeat Source.url

[2010.05.30 14:17:40 | 000,000,311 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Textdokument (4).html

[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2010.05.27 20:39:28 | 000,073,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\liebe-gedicht.jpg

[2010.05.27 20:39:17 | 000,028,788 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\gedicht.jpg

[2010.05.27 20:29:29 | 000,049,372 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\7567321.jpg

[2010.05.27 20:27:04 | 000,057,267 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Gedicht-Freundschaft.gif

[2010.05.27 14:04:52 | 000,001,082 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\2.htm

[2010.05.25 22:18:11 | 000,028,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ztds.jpg

[2010.05.25 22:17:17 | 000,041,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\redsfgerd.jpg

[2010.05.25 22:16:57 | 000,069,481 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenannt.jpg

[2010.05.25 22:16:45 | 000,919,202 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\IMG_8677.JPG

[2010.05.25 13:47:57 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Left 4 Dead.url

[2010.05.25 13:15:09 | 000,000,636 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk

[2010.05.24 03:53:11 | 000,000,000 | R--- | C] () -- C:\logwmemory.bin

[2010.05.23 10:39:49 | 000,000,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\oLZtkEOg0nRt1qnJwpzdKsDgDrHxEbYXMtBIHw0f71o.htm

[2010.05.20 18:30:52 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Didi V3.lnk

[2010.05.20 18:30:47 | 001,170,504 | ---- | C] () -- C:\WINDOWS\System32\CMBTL800.HLP

[2010.05.11 21:09:48 | 002,395,067 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Charlotte 218.jpg

[2010.05.10 23:57:14 | 000,001,900 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wave MP3 Editor LT.lnk

[2010.05.10 23:36:34 | 000,001,417 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Soldat Manual.lnk

[2010.05.10 23:36:34 | 000,000,494 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Soldat.lnk

[2010.05.10 23:36:34 | 000,000,487 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Soldat Mod Starter.lnk

[2010.05.10 00:41:49 | 000,000,899 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Smart Shutdown Manager.lnk

[2010.02.04 16:14:35 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\Mlkf.dll

[2010.01.26 17:45:53 | 000,001,212 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010.01.09 21:29:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL

[2009.12.25 16:00:10 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009.12.22 19:36:46 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009.12.22 19:36:45 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys

[2009.12.22 17:56:32 | 000,138,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009.12.22 17:55:50 | 000,000,308 | ---- | C] () -- C:\WINDOWS\game.ini

[2009.12.22 01:12:25 | 000,000,981 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009.12.21 19:02:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009.12.21 17:25:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini

[2009.12.21 17:09:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2009.12.21 17:09:01 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2009.12.21 16:49:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009.08.07 20:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.11.06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2006.06.29 11:19:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\id3vx_ocx.dll

[2004.09.10 18:34:26 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 04.06.2010 14:41:17 - Run 1

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 4,92 Gb Free Space | 3,30% Space Free | Partition Type: NTFS

Drive D: | 232,88 Gb Total Space | 113,56 Gb Free Space | 48,76% Space Free | Partition Type: NTFS

Drive E: | 6,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SYNT

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1075:TCP" = 1075:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)

"C:\Programme\Infogrames\Tactical Ops\System\TacticalOps.exe" = C:\Programme\Infogrames\Tactical Ops\System\TacticalOps.exe:*:Enabled:TacticalOps -- ()

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()

"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"G:\Testserver\Testserver CoD2 Extreme Mod\CoD2MP_s.exe" = G:\Testserver\Testserver CoD2 Extreme Mod\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- File not found

"G:\Testserver\Testserver CoD4\iw3mp.exe" = G:\Testserver\Testserver CoD4\iw3mp.exe:*:Enabled:iw3mp -- File not found

"C:\Programme\BORGChat\BORGChat.exe" = C:\Programme\BORGChat\BORGChat.exe:*:Enabled:BORGChat -- (IOn)

"C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Disabled:Grand Theft Auto IV -- (Sony DADC Austria AG)

"C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)

"C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Disabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)

"C:\Programme\Age of Empires III\age3.exe" = C:\Programme\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- File not found

"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()

"C:\Dokumente und Einstellungen\Administrator\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Dokumente und Einstellungen\Administrator\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)

"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()

"C:\Programme\JDownloader\downloads\Left4Dead\hl2.exe" = C:\Programme\JDownloader\downloads\Left4Dead\hl2.exe:*:Enabled:hl2 -- ()

"C:\AeriaGames\WolfTeam\Wolfteam.bin" = C:\AeriaGames\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam -- (Softnyx Co., Ltd.)

"C:\Programme\JDownloader\downloads\Left4Dead\left4dead.exe" = C:\Programme\JDownloader\downloads\Left4Dead\left4dead.exe:*:Enabled:left4dead -- ()

"C:\Dokumente und Einstellungen\Administrator\Desktop\Yu-Gi-Oh\Joey\joey_pc.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\Yu-Gi-Oh\Joey\joey_pc.exe:*:Enabled:joey_pc -- File not found

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)

"C:\Programme\JDownloader\downloads\Yu-Gi-Oh\Joey\joey_pc.exe" = C:\Programme\JDownloader\downloads\Yu-Gi-Oh\Joey\joey_pc.exe:*:Enabled:joey_pc -- File not found

"C:\Dokumente und Einstellungen\Administrator\Desktop\Yu-Gi-Oh\JOEY THE PASSION\joey_pc.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\Yu-Gi-Oh\JOEY THE PASSION\joey_pc.exe:*:Enabled:joey_pc -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX02.704\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX02.704\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX09.985\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX09.985\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.453\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.453\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX70.968\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX70.968\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.547\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.547\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.578\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.578\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.500\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.500\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.501\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX00.501\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Desktop\Bot\iBot.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\Bot\iBot.exe:*:Enabled:Silkroad Online Bot -- File not found

"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found

"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm) -- File not found

"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\patchget.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\patchget.dat:*:Enabled:patchgrabber -- File not found

"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()

"C:\Programme\JDownloader\downloads\Stronghold 2\Stronghold2.exe" = C:\Programme\JDownloader\downloads\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- File not found

"D:\Games\Stronghold 2\Stronghold2.exe" = D:\Games\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\id Software\Enemy Territory - QUAKE Wars\etqw.exe" = C:\Programme\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) -- (Splash Damage, Ltd.)

"C:\Programme\id Software\Enemy Territory - QUAKE Wars\etqwded.exe" = C:\Programme\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe -- (Splash Damage, Ltd.)

"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe:*:Enabled:hxxp://soldat.pl -- (Michal Marcinkowski)

"C:\Programme\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Programme\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()

"C:\Programme\Steam\steam.exe" = C:\Programme\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX57.046\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX57.046\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX77.703\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX77.703\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX84.718\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX84.718\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX85.765\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX85.765\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX87.078\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX87.078\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX89.921\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX89.921\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX92.875\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX92.875\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX96.546\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX96.546\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX10.2171\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX10.2171\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.4843\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.4843\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.7281\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.7281\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.5390\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.5390\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.5234\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.5234\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.9156\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX11.9156\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX12.8250\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX12.8250\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX12.3953\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX12.3953\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX13.3375\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX13.3375\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX14.2437\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX14.2437\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX14.8953\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX14.8953\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX14.2625\CT.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$EX14.2625\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found

"C:\Programme\Steam\steamapps\synt1992\day of defeat source\hl2.exe" = C:\Programme\Steam\steamapps\synt1992\day of defeat source\hl2.exe:*:Enabled:hl2 -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)

"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client

"{1FF12BFD-84AC-4E81-9A8F-496E5C2DDA79}_is1" = Didi V3

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{33354595-47AB-4169-960C-CE56AC416DD8}" = Wave MP3 Editor v2010.5 ::: FREE

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation

"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick

"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E17AD-C11F-44D3-9EDE-7B94E14D3071}" = Offline Pokédex

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER

"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI

"{AB661879-AB21-41C1-AC94-CB6AD30B8DFC}" = Multiplayer Monopoly Online Game

"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - Quake Wars(TM)

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"AQ FLV Video Converter_is1" = AQ FLV Video Converter V1.0.118

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BORGChat" = BORGChat (remove only)

"CCleaner" = CCleaner

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"ESE_Registration" = ESE Account Manager (remove only)

"FINAL FANTASY VIII" = FINAL FANTASY VIII

"FLV Player" = FLV Player 2.0 (build 25)

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free FLV Converter_is1" = Free FLV Converter V 6.7.4

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10

"HijackThis" = HijackThis 2.0.2

"HotspotShield" = Hotspot Shield 1.37

"ie8" = Windows Internet Explorer 8

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"JDownloader" = JDownloader

"KnightsAndMerchants" = KnightsAndMerchants

"LemmingballZ_0" = LemmingballZ 3D 8460

"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a

"LogMeIn Hamachi" = LogMeIn Hamachi

"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaInfo" = MediaInfo 0.7.30

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PDF Complete" = PDF Complete

"QCad" = QCad

"QcDrv" = Logitech® Camera-Treiber

"RealArcade" = RealArcade

"Silkroad" = Silkroad

"Softonic_Deutsch_AQ Toolbar" = Softonic_Deutsch_AQ Toolbar

"Soldat_is1" = Soldat 1.5.0

"Steam App 300" = Day of Defeat: Source

"Steam App 500" = Left 4 Dead

"Tactical Ops" = Tactical Ops

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamViewer 4" = TeamViewer 4

"TeamViewer 5" = TeamViewer 5

"TmNationsForever_is1" = TmNationsForever

"Uninstall_is1" = Uninstall 1.0.0.1

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WolfTeam" = WolfTeam

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xfire" = Xfire (remove only)

"Xilisoft YouTube Video Converter" = Xilisoft YouTube Video Converter

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Smart Shutdown Manager" = Smart Shutdown Manager

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Winamp Detect" = Winamp Anwendungserkennung

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2010 14:00:55 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung nsx2.exe, Version 0.7.26.1, fehlgeschlagenes

 Modul sifplugin.dll, Version 0.0.0.0, Fehleradresse 0x0000784b.

 

Error - 24.03.2010 15:43:18 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung nksp.exe, Version 0.0.0.0, fehlgeschlagenes

 Modul d3d8.dll, Version 5.3.2600.5512, Fehleradresse 0x00031d02.

 

Error - 25.03.2010 11:18:04 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3727, fehlgeschlagenes

 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0c0c0c0c.

 

Error - 30.03.2010 16:51:25 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung mpc-hc.exe, Version 1.3.1264.0, fehlgeschlagenes

 Modul splitter.ax, Version 1.9.42.1, Fehleradresse 0x00017756.

 

Error - 17.04.2010 21:40:24 | Computer Name = SYNT | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung TacticalOps.exe, Version 0.0.0.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 28.04.2010 08:12:29 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung zdwlan.exe, Version 2.22.0.1, fehlgeschlagenes

 Modul zdwlan.exe, Version 2.22.0.1, Fehleradresse 0x0000b045.

 

Error - 10.05.2010 12:38:55 | Computer Name = SYNT | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung winamp.exe, Version 5.5.7.2810, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 10.05.2010 15:57:24 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung cod2mp_s.exe, Version 0.0.0.0, fehlgeschlagenes

 Modul gfx_d3d_mp_x86_s.dll, Version 0.0.0.0, Fehleradresse 0x0005ef77.

 

Error - 03.06.2005 17:46:08 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung au_.exe, Version 0.0.0.0, fehlgeschlagenes

 Modul user32.dll, Version 5.1.2600.5512, Fehleradresse 0x0001401c.

 

Error - 03.06.2010 22:32:33 | Computer Name = SYNT | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.31.2, Fehleradresse 0x0001e7ae.

 

[ System Events ]

Error - 03.06.2010 09:31:39 | Computer Name = SYNT | Source = MRxSmb | ID = 8003

Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HANNE-PC",

der

 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0FB461E8-B141-4D7A--Transport

 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

 

Error - 03.06.2010 15:35:31 | Computer Name = SYNT | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

 (0x80072751)

 

Error - 03.06.2010 15:35:31 | Computer Name = SYNT | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der

 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle

 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 03.06.2010 15:35:54 | Computer Name = SYNT | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

 (0x80072751)

 

Error - 03.06.2010 15:35:54 | Computer Name = SYNT | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der

 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle

 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 03.06.2010 15:36:59 | Computer Name = SYNT | Source = MRxSmb | ID = 8003

Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HANNE-PC",

der

 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0FB461E8-B141-4D7A--Transport

 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

 

Error - 04.06.2010 08:06:24 | Computer Name = SYNT | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

 (0x80072751)

 

Error - 04.06.2010 08:06:24 | Computer Name = SYNT | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der

 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle

 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 04.06.2010 08:06:24 | Computer Name = SYNT | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

 (0x80072751)

 

Error - 04.06.2010 08:06:24 | Computer Name = SYNT | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der

 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle

 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

 

< End of report >

--- --- ---

Hier die log datei von Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04.06.2010 16:43:25
mbam-log-2010-06-04 (16-43-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 283860
Laufzeit: 2 Stunde(n), 0 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

hmmm und was mach ich jetzt?

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hier die Log Datei von cofi.exe

Combofix Logfile:

Code:

ComboFix 10-06-05.03 - Administrator 06.06.2010  18:05:22.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1532 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
 

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\edxLabs

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\edxLabs\edxSilkroadLoader\ISRO.ini

c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000110_.tmp.dll
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-06 bis 2010-06-06  ))))))))))))))))))))))))))))))

.
 

2010-06-04 12:31 . 2010-06-04 12:31        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2010-06-04 12:31 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-04 12:31 . 2010-06-04 12:31        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-06-04 12:31 . 2010-06-04 12:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-06-04 12:31 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-06-03 19:55 . 2006-06-20 08:56        225280        ----a-w-        c:\windows\system32\rewire.dll

2010-06-03 19:55 . 2005-06-03 21:57        --------        d-----w-        c:\programme\VstPlugins

2010-06-03 19:55 . 2010-06-03 19:55        --------        d-----w-        c:\programme\Outsim

2010-05-28 00:09 . 2010-05-28 00:09        41872        ----a-w-        c:\windows\system32\xfcodec.dll

2010-05-25 11:15 . 2010-06-06 15:52        --------        d-----w-        c:\programme\Steam

2010-05-24 01:53 . 2009-03-28 17:52        94208        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Soldat\Battleye\BEServer.dll

2010-05-24 01:53 . 2009-03-28 17:52        102400        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Soldat\Battleye\BEClient.dll

2010-05-24 01:53 . 2010-05-24 01:53        0        ----a-r-        C:\logwmemory.bin

2010-05-10 21:57 . 2010-05-10 22:09        --------        d-----w-        C:\WMP3E_PRO

2010-05-10 21:57 . 2010-05-10 21:57        61440        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\NewShortcut18_AEC01EFA2C3B40F18F5BAA49D2490979_1.exe

2010-05-10 21:57 . 2010-05-10 21:57        61440        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\NewShortcut16_AEC01EFA2C3B40F18F5BAA49D2490979.exe

2010-05-10 21:57 . 2010-05-10 21:57        45056        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\NewShortcut11_6F48E73C097548419E4EF43474945188.exe

2010-05-10 21:57 . 2010-05-10 21:57        45056        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\NewShortcut1_6F48E73C097548419E4EF43474945188.exe

2010-05-10 21:57 . 2010-05-10 21:57        45056        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\ARPPRODUCTICON.exe

2010-05-10 21:57 . 2010-05-10 21:57        40960        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\NewShortcut26_AEC01EFA2C3B40F18F5BAA49D2490979.exe

2010-05-10 21:57 . 2010-05-10 21:57        40960        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\NewShortcut23_AEC01EFA2C3B40F18F5BAA49D2490979_1.exe

2010-05-10 21:57 . 2010-05-10 21:57        40960        ----a-r-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{33354595-47AB-4169-960C-CE56AC416DD8}\NewShortcut2_AEC01EFA2C3B40F18F5BAA49D2490979.exe

2010-05-10 21:57 . 2010-05-10 21:57        --------        d-----w-        c:\programme\Code-it Software

2010-05-10 21:56 . 2010-05-10 21:56        --------        d-----w-        c:\windows\Downloaded Installations

2010-05-10 21:36 . 2010-05-10 21:36        --------        d-----w-        C:\Soldat

2010-05-10 21:36 . 2010-05-10 21:36        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Soldat

2010-05-09 22:41 . 2010-05-09 22:41        --------        d-----w-        c:\programme\VHPD
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-06 16:02 . 2010-04-06 00:18        --------        d-----w-        c:\programme\Gemeinsame Dateien\Akamai

2010-06-06 15:52 . 2009-12-21 15:10        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Xfire

2010-06-06 15:51 . 2009-12-21 15:11        --------        d-----w-        c:\programme\CCleaner

2010-06-04 03:20 . 2009-12-21 16:36        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\teamspeak2

2010-06-04 01:56 . 2010-02-03 16:53        --------        d-----w-        c:\programme\EA GAMES

2010-06-03 11:32 . 2009-12-21 15:10        --------        d-----w-        c:\programme\Xfire

2010-06-02 21:30 . 2010-01-16 22:25        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Skype

2010-06-02 20:42 . 2010-01-16 22:26        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\skypePM

2010-06-02 13:27 . 2009-12-22 15:55        219128        ----a-w-        c:\windows\system32\PnkBstrB.exe

2010-06-02 13:23 . 2009-12-22 15:56        138592        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys

2010-06-01 17:23 . 2010-01-05 23:50        --------        d-----w-        c:\programme\JDownloader

2010-05-27 18:44 . 2010-01-26 15:45        1212        --sha-w-        c:\windows\system32\KGyGaAvL.sys

2010-05-26 16:23 . 2010-02-04 14:14        303        ----a-w-        c:\windows\system32\mslck.dat

2010-05-20 16:30 . 2010-05-20 16:28        --------        d-----w-        c:\programme\Degener

2010-05-07 13:00 . 2010-03-11 20:42        --------        d-----w-        c:\programme\Messenger Plus! Live

2010-05-06 12:39 . 2009-12-22 15:55        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe

2010-05-02 11:38 . 2009-12-21 14:37        --------        d--h--w-        c:\programme\InstallShield Installation Information

2010-05-02 10:55 . 2009-12-22 15:56        22328        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys

2010-05-02 10:55 . 2009-12-22 15:56        22328        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys

2010-05-02 10:42 . 2010-05-02 10:42        --------        d-----w-        c:\programme\id Software

2010-05-01 14:03 . 2010-05-01 14:03        --------        d-----w-        c:\programme\QuickTime

2010-05-01 14:03 . 2009-12-21 15:12        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer

2010-05-01 14:01 . 2010-05-01 14:01        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple

2010-04-18 13:19 . 2010-04-18 13:19        --------        d-----w-        c:\programme\EA SPORTS

2010-04-18 09:26 . 2010-02-23 17:28        159584        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

2010-04-17 12:04 . 2010-02-23 20:13        664        ----a-w-        c:\windows\system32\d3d9caps.dat

2010-04-07 09:23 . 2006-05-05 03:53        85344        ----a-w-        c:\windows\system32\perfc007.dat

2010-04-07 09:23 . 2006-05-05 03:53        459972        ----a-w-        c:\windows\system32\perfh007.dat

2010-03-28 13:25 . 2010-01-12 23:15        1        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{303297e2-08a0-46b2-aad8-d680e8140f13}"= "c:\programme\Softonic_Deutsch_AQ\tbSof0.dll" [2010-02-23 2349080]
 

[HKEY_CLASSES_ROOT\clsid\{303297e2-08a0-46b2-aad8-d680e8140f13}]
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{303297e2-08a0-46b2-aad8-d680e8140f13}]

2010-02-23 17:31        2349080        ----a-w-        c:\programme\Softonic_Deutsch_AQ\tbSof0.dll
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2010-02-24 20:14        220208        ----a-w-        c:\programme\Hotspot Shield\hssie\HssIE.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{303297e2-08a0-46b2-aad8-d680e8140f13}"= "c:\programme\Softonic_Deutsch_AQ\tbSof0.dll" [2010-02-23 2349080]
 

[HKEY_CLASSES_ROOT\clsid\{303297e2-08a0-46b2-aad8-d680e8140f13}]
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{303297E2-08A0-46B2-AAD8-D680E8140F13}"= "c:\programme\Softonic_Deutsch_AQ\tbSof0.dll" [2010-02-23 2349080]
 

[HKEY_CLASSES_ROOT\clsid\{303297e2-08a0-46b2-aad8-d680e8140f13}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\programme\steam\steam.exe" [2010-05-25 1238352]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2005-06-08 458752]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-17 421888]

"Corel Photo Downloader"="c:\programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\

Auto Desktop Background Changer.lnk - c:\dokumente und einstellungen\Administrator\Eigene Dateien\Auto Desktop Background Changer.exe [2010-1-6 187392]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

MSI US54SE 802.11b+g USB Stick Utility.lnk - c:\programme\MSI\US54SE_Utility\ZDWlan.exe [2009-12-21 483328]
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^BORGChat.lnk]

path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\BORGChat.lnk

backup=c:\windows\pss\BORGChat.lnkStartup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk]

path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2007-07-23 10:06        77824        ----a-w-        c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

2007-08-16 11:00        531272        ----a-w-        c:\programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57        369200        ----a-w-        c:\programme\DAEMON Tools Lite\DTLite.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2002-12-10 00:17        188416        ----a-w-        c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2009-11-16 15:36        172792        ----a-w-        c:\programme\ICQ6.5\ICQ.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 13:44        196608        ----a-w-        c:\programme\Logitech\Video\ManifestEngine.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 14:14        217088        ----a-w-        c:\programme\Logitech\Video\LogiTray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44        3883840        ----a-w-        c:\programme\Windows Live\Messenger\msnmsgr.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-01-11 21:17        110696        ----a-w-        c:\windows\system32\nvmctray.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]

2009-12-25 21:43        306088        ----a-w-        c:\programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]

2003-11-20 19:01        525824        ----a-w-        c:\programme\Compaq\SetRefresh\SetRefresh.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-12-21 15:11        149280        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-12-21 05:45        39424        ----a-w-        c:\programme\Winamp\winampa.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ICQ Service"=2 (0x2)

"SQLWriter"=2 (0x2)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Programme\\ICQ6.5\\ICQ.exe"=

"c:\\Programme\\Xfire\\Xfire.exe"=

"c:\\Programme\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Programme\\Ventrilo\\Ventrilo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\BORGChat\\BORGChat.exe"=

"c:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Programme\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Programme\\TmNationsForever\\TmForever.exe"=

"c:\\Dokumente und Einstellungen\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Programme\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"c:\\Programme\\JDownloader\\downloads\\Left4Dead\\hl2.exe"=

"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=

"c:\\Programme\\JDownloader\\downloads\\Left4Dead\\left4dead.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"=

"d:\\Games\\Stronghold 2\\Stronghold2.exe"=

"c:\\Programme\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=

"c:\\Programme\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=

"c:\\Soldat\\Soldat.exe"=

"c:\\Programme\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

"c:\\Programme\\Steam\\steam.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Steam\\steamapps\\synt1992\\day of defeat source\\hl2.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1254:TCP"= 1254:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface
 

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.08.2004 09:58 14336]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.12.2009 17:07 108289]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]

R2 HssWd;Hotspot Shield Monitoring Service;c:\programme\Hotspot Shield\bin\hsswd.exe [09.01.2010 01:42 285744]

R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [21.12.2009 16:47 576024]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2009 19:02 691696]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2312724

uInternet Connection Wizard,ShellNext = hxxp://www.icq.com/download/skins/?icid=lsp_1

IE: Download with Xilisoft YouTube Video Converter - c:\programme\Xilisoft\YouTube Video Converter\upod_link.HTM

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1r55swub.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2312724&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic Deutsch AQ Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2312724&SearchSource=2&q=

FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\RealArcade\npraclient.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Mozilla Firefox\extensions\npmozax31@real.com\plugins\npmozax.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
 

---- FIREFOX Richtlinien ----

FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKLM-Run-nwiz - nwiz.exe

MSConfigStartUp-BitTorrent DNA - c:\programme\DNA\btdna.exe

MSConfigStartUp-Pando Media Booster - c:\programme\Pando Networks\Media Booster\PMB.exe

MSConfigStartUp-Software Informer - c:\programme\Software Informer\softinfo.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-06-06 18:11

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1034952450-3302094551-863450724-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,37,56,3b,12,22,df,45,99,89,1b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,36,d8,76,9e,5b,0f,4b,94,5e,d3,\
 

[HKEY_USERS\S-1-5-21-1034952450-3302094551-863450724-500\Software\SecuROM\License information*]

"datasecu"=hex:7b,0c,c4,ba,84,a9,85,4d,42,8f,47,e7,3e,fc,a7,07,be,ae,61,cc,83,

   53,02,3f,b0,45,1e,69,73,51,70,88,cf,f4,f3,8a,cf,3b,7d,d4,38,84,47,e5,e1,56,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

Zeit der Fertigstellung: 2010-06-06  18:13:08

ComboFix-quarantined-files.txt  2010-06-06 16:13
 

Vor Suchlauf: 8.857.808.896 Bytes frei

Nach Suchlauf: 8.810.942.464 Bytes frei
 

- - End Of File - - 5A7BC3A09D42CA3449D3B997EDC04420

--- --- ---

Ok. Dann probier jetzt mal Logs mit GMER und OSAM zu erstellen. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus.

GMER Logfile:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-06-08 13:22:48

Windows 5.1.2600 Service Pack 3

Running: xbszvpe8.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdypow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT      B86E576E                                                                                                            ZwCreateKey

SSDT      B86E5764                                                                                                            ZwCreateThread

SSDT      B86E5773                                                                                                            ZwDeleteKey

SSDT      B86E577D                                                                                                            ZwDeleteValueKey

SSDT      spww.sys                                                                                                            ZwEnumerateKey [0xB7ECDDA4]

SSDT      spww.sys                                                                                                            ZwEnumerateValueKey [0xB7ECE132]

SSDT      B86E5782                                                                                                            ZwLoadKey

SSDT      spww.sys                                                                                                            ZwOpenKey [0xB7EB50C0]

SSDT      B86E5750                                                                                                            ZwOpenProcess

SSDT      B86E5755                                                                                                            ZwOpenThread

SSDT      spww.sys                                                                                                            ZwQueryKey [0xB7ECE20A]

SSDT      spww.sys                                                                                                            ZwQueryValueKey [0xB7ECE08A]

SSDT      B86E578C                                                                                                            ZwReplaceKey

SSDT      B86E5787                                                                                                            ZwRestoreKey

SSDT      B86E5778                                                                                                            ZwSetValueKey

SSDT      B86E575F                                                                                                            ZwTerminateProcess
 

INT 0x63  ?                                                                                                                   8A395BF8

INT 0x63  ?                                                                                                                   8A395BF8

INT 0x63  ?                                                                                                                   8A395BF8

INT 0x73  ?                                                                                                                   8A5CFBF8

INT 0x83  ?                                                                                                                   8A5CFBF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

?         spww.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !

.text     USBPORT.SYS!DllUnload                                                                                               B75638AC 5 Bytes  JMP 8A3951D8 

.text     C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB6A15380, 0x550AF5, 0xE8000020]

.text     a0bxeq3x.SYS                                                                                                        B69C8386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text     a0bxeq3x.SYS                                                                                                        B69C83AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text     a0bxeq3x.SYS                                                                                                        B69C83C4 3 Bytes  [00, 80, 02]

.text     a0bxeq3x.SYS                                                                                                        B69C83C9 1 Byte  [30]

.text     a0bxeq3x.SYS                                                                                                        B69C83C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text     ...                                                                                                                 
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B7EB6042] spww.sys

IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B7EB613E] spww.sys

IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B7EB60C0] spww.sys

IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B7EB6800] spww.sys

IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B7EB66D6] spww.sys

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!KfLowerIrql]                                                      0E798366

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!HalTranslateBusAddress]                                           8986C636

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C9686

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CB2

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C

IAT       \SystemRoot\System32\Drivers\a0bxeq3x.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B7EC5B90] spww.sys
 

---- Devices - GMER 1.0.15 ----
 

Device    \FileSystem\Ntfs \Ntfs                                                                                              8A5CE1F8

Device    \FileSystem\Udfs \UdfsCdRom                                                                                         89FCB1F8

Device    \FileSystem\Udfs \UdfsDisk                                                                                          89FCB1F8

Device    \Driver\usbohci \Device\USBPDO-0                                                                                    8A2AC1F8

Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8A55D1F8

Device    \Driver\dmio \Device\DmControl\DmConfig                                                                             8A55D1F8

Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                8A55D1F8

Device    \Driver\dmio \Device\DmControl\DmInfo                                                                               8A55D1F8

Device    \Driver\usbehci \Device\USBPDO-1                                                                                    8A2A81F8

Device    \Driver\PCI_PNP3804 \Device\00000048                                                                                spww.sys

Device    \Driver\NetBT \Device\NetBT_Tcpip_{DB26E262-C197-4713-8FAD-4DDB98B344FE}                                            8A1B5500

Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A5D01F8

Device    \Driver\sptd \Device\2337418804                                                                                     spww.sys

Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A5D01F8

Device    \Driver\Cdrom \Device\CdRom0                                                                                        8A36E360

Device    \Driver\Cdrom \Device\CdRom1                                                                                        8A36E360

Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                         [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device    \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1b                                                                        [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                         [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device    \Driver\Cdrom \Device\CdRom2                                                                                        8A36E360

Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8A1B5500

Device    \Driver\NetBT \Device\NetBT_Tcpip_{EF33FDAE-9D9E-40A0-83E2-2816660BB7A6}                                            8A1B5500

Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    8A1B5500

Device    \Driver\usbohci \Device\USBFDO-0                                                                                    8A2AC1F8

Device    \Driver\usbehci \Device\USBFDO-1                                                                                    8A2A81F8

Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   8A1B2500

Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         8A1B2500

Device    \Driver\Ftdisk \Device\FtControl                                                                                    8A5D01F8

Device    \Driver\a0bxeq3x \Device\Scsi\a0bxeq3x1Port4Path0Target0Lun0                                                        8A1E01F8

Device    \Driver\a0bxeq3x \Device\Scsi\a0bxeq3x1                                                                             8A1E01F8

Device    \Driver\a0bxeq3x \Device\Scsi\a0bxeq3x1Port4Path0Target1Lun0                                                        8A1E01F8

Device    \FileSystem\Cdfs \Cdfs                                                                                              89FAC500
 

---- Registry - GMER 1.0.15 ----
 

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xBF 0x3E 0xCF 0x44 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x4F 0x46 0xBB 0x47 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x73 0x47 0xC8 0xBF ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xE9 0x16 0x5F 0x8A ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xBF 0x3E 0xCF 0x44 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4F 0x46 0xBB 0x47 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x73 0x47 0xC8 0xBF ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xE9 0x16 0x5F 0x8A ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xBF 0x3E 0xCF 0x44 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xF2 0xDC 0x8A 0x3A ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x3C 0xC8 0x5A 0x81 ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 13:38:54 on 08.06.2010
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.3
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"camcpl.cpl" - "Logitech Inc." - C:\WINDOWS\system32\camcpl.cpl

"everest_cpl.cpl" - ? - C:\WINDOWS\system32\everest_cpl.cpl  (File found, but it contains no detailed information)

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ae510xoa" (ae510xoa) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ae510xoa.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"Anchorfree HSS Adapter" (taphss) - "AnchorFree Inc" - C:\WINDOWS\System32\DRIVERS\taphss.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys

"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys

"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)

"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

"ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)" (ZD1211BU(ZyDAS)) - "ZyDAS Technology Corporation" - C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys
 

[Explorer]

-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL

{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "Softonic Deutsch AQ Toolbar" - "Conduit Ltd." - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{303297e2-08a0-46b2-aad8-d680e8140f13} "Softonic Deutsch AQ Toolbar" - "Conduit Ltd." - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{303297e2-08a0-46b2-aad8-d680e8140f13} "Softonic Deutsch AQ Toolbar" - "Conduit Ltd." - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} "Hotspot Shield Class" - ? - C:\Programme\Hotspot Shield\hssie\HssIE.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{303297e2-08a0-46b2-aad8-d680e8140f13} "Softonic Deutsch AQ Toolbar" - "Conduit Ltd." - C:\Programme\Softonic_Deutsch_AQ\tbSof0.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"MSI US54SE 802.11b+g USB Stick Utility.lnk" - ? - C:\Programme\MSI\US54SE_Utility\ZDWlan.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"Auto Desktop Background Changer.lnk" - ? - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auto Desktop Background Changer.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Steam" - "Valve Corporation" - "c:\programme\steam\steam.exe" -silent

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"Corel Photo Downloader" - "Corel, Inc." - "C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

"LogitechVideoRepair" - "Logitech Inc." - C:\Programme\Logitech\Video\ISStart.exe 

"LVCOMSX" - "Logitech Inc." - C:\WINDOWS\system32\LVCOMSX.EXE

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"hpzlnt06" - "HP" - C:\WINDOWS\system32\hpzlnt06.dll

"PDFC" - "PDF Complete, Inc." - C:\WINDOWS\system32\pdfc_port.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Akamai NetSession Interface" (Akamai) - ? - c:\programme\gemeinsame dateien\akamai\rswin_3697.dll  (File found, but it contains no detailed information)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Programme\DSL-Manager\DslMgrSvc.exe

"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Programme\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)

"Hotspot Shield Routing Service" (HssSrv) - "AnchorFree Inc." - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe

"Hotspot Shield Service" (HotspotShieldService) - ? - C:\Programme\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)

"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"LckFldService" (LckFldService) - ? - C:\WINDOWS\system32\LckFldService.exe

"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Programme\LogMeIn Hamachi\hamachi-2.exe

"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Programme\PDF Complete\pdfsvc.exe

"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe  (File found, but it contains no detailed information)

"ProtexisLicensing" (ProtexisLicensing) - ? - C:\WINDOWS\system32\PSIService.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Bin gerade dabei die scanns zu machen aber ne frage weißt du warum meine zweite Festplatte nicht mehr nagezeigt wird?

sry der post war unötig hat sich bereits erledigt ein restart hat das problem gelöst ^^

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 06/08/2010 bei 07:29 PM

Version der Applikation : 4.38.1004

Version der Kern-Datenbank : 5046
Version der Spur-Datenbank : 2858

Scan Art : kompletter Scann
Totale Scann-Zeit : 02:24:16

Gescannte Speicherelemente : 521
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 5214
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 167754
Erfasste Datei-Elemente : 0

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4178

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.06.2010 15:55:36
mbam-log-2010-06-08 (15-55-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 282133
Laufzeit: 1 Stunde(n), 32 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Keine Funde :) Rechner wieder ok?

im großen und ganzen schon sind aber immer noch kleine macken die ich beheben muss aber mit denn vieren ging das halt net ^^
Danke =D