Trojaner-Board - Infizierung mit SSHNAS ?

Done.
OTL Logfile:

Code:

OTL logfile created on: 20.09.2010 19:29:02 - Run 1

OTL by OldTimer - Version 3.2.14.0     Folder = E:\My Documents\DOWNLOADS

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): D:\pagefile.sys 2048 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 48,83 Gb Total Space | 11,83 Gb Free Space | 24,22% Space Free | Partition Type: NTFS

Drive D: | 58,59 Gb Total Space | 32,85 Gb Free Space | 56,06% Space Free | Partition Type: NTFS

Drive E: | 172,04 Gb Total Space | 28,82 Gb Free Space | 16,75% Space Free | Partition Type: NTFS

Drive F: | 97,65 Gb Total Space | 20,79 Gb Free Space | 21,29% Space Free | Partition Type: NTFS

Drive G: | 181,82 Gb Total Space | 64,71 Gb Free Space | 35,59% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 244,14 Gb Total Space | 172,56 Gb Free Space | 70,68% Space Free | Partition Type: NTFS

 

Computer Name: KERIAN

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - E:\My Documents\DOWNLOADS\OTL.exe (OldTimer Tools)

PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - D:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - K:\League of Legends\Air\LolClient.exe (Adobe Systems Inc.)

PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

PRC - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - c:\Programme\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)

PRC - K:\League of Legends\lol.launcher.exe (Solid State Networks)

PRC - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - E:\My Documents\DOWNLOADS\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (PMP) -- d:\Programme\PMP\bin\wrapper.exe File not found

SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe ()

SRV - (mfevtp) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (McProxy) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNASvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNaiAnn) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McMPFSvc) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NBService) -- D:\Programme\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SetupNTGLM7X) -- H:\NTGLM7X.sys File not found

DRV - (NTACCESS) -- H:\NTACCESS.sys File not found

DRV - (GMSIPCI) -- L:\INSTALL\GMSIPCI.SYS File not found

DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found

DRV - (cpuz130) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found

DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()

DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)

DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)

DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation)

DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)

DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys ()

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)

DRV - (VBoxDrv) -- C:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)

DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)

DRV - (VBoxUSBMon) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (RivaTuner32) -- d:\Programme\RivaTuner v2.24\RivaTuner32.sys ()

DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)

DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)

DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..network.proxy.type: 4

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.09.17 09:07:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.09.17 09:07:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.09.16 21:24:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.08.20 08:27:17 | 000,000,000 | ---D | M]

 

[2010.09.09 22:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2010.09.09 22:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.09.19 21:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions

[2010.09.12 12:47:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010.01.21 20:32:37 | 000,000,000 | ---D | M] (4chan) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2010.04.22 22:35:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010.06.13 16:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\battlefieldheroespatcher@ea.com

 

O1 HOSTS File: ([2009.06.14 19:47:23 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 192.168.1.1        activate.adobe.com

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20100806012813.dll (McAfee, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [KernelFaultCheck]  File not found

O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe ()

O15 - HKCU\..Trusted Domains: com ([www.msi] http in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.02.07 00:11:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.11.16 01:06:21 | 000,205,576 | ---- | M] () - F:\AUTO.pat -- [ NTFS ]

O32 - AutoRun File - [2009.11.16 01:06:21 | 000,013,192 | ---- | M] () - F:\AUTO.pst -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.09.20 10:54:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2010.09.20 10:54:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.09.20 10:54:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.09.20 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.09.20 06:56:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan

[2010.09.10 15:48:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Auslogics

[2010.08.30 00:15:33 | 000,000,000 | ---D | C] -- C:\Programme\Veoh Networks

[2010.08.29 23:27:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2010.08.29 23:27:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.08.29 23:27:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.08.29 23:27:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.09.20 18:38:23 | 000,001,585 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee AntiVirus Plus.lnk

[2010.09.20 18:38:19 | 000,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.09.20 18:37:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.09.20 18:36:24 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT

[2010.09.20 18:36:24 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini

[2010.09.20 07:03:37 | 000,000,558 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.09.20 07:03:37 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.09.20 07:03:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010.09.19 21:21:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.09.15 23:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.09.12 17:32:53 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2010.09.12 16:20:58 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010.09.12 16:18:49 | 000,139,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys

[2010.09.12 16:18:27 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe

[2010.09.05 14:33:33 | 000,001,351 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DivX Movies.lnk

[2010.08.30 21:16:26 | 000,060,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.08.30 21:09:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.08.29 23:24:10 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk

[2010.08.29 23:22:42 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.08.29 23:24:10 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk

[2010.08.01 03:36:03 | 000,415,752 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-823518204-115176313-839522115-500-0.dat

[2010.07.29 00:27:15 | 000,284,938 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

[2010.07.11 15:14:37 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2010.04.28 17:51:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010.02.03 23:22:32 | 000,000,241 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log

[2009.09.30 13:08:17 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009.09.30 13:08:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009.09.30 13:08:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009.09.30 13:08:15 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.09.30 13:08:15 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009.09.30 13:08:14 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009.09.30 13:08:14 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.09.11 14:14:47 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009.09.11 14:14:46 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009.07.21 15:02:36 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009.07.17 16:38:26 | 000,000,263 | ---- | C] () -- C:\WINDOWS\game.ini

[2009.07.10 23:03:46 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2009.07.10 22:38:47 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys

[2009.03.07 15:51:02 | 000,000,104 | ---- | C] () -- C:\WINDOWS\wiso.ini

[2009.02.28 01:08:51 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009.02.07 17:26:26 | 000,060,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2007.04.03 17:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2007.04.03 17:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 20.09.2010 19:29:02 - Run 1

OTL by OldTimer - Version 3.2.14.0     Folder = E:\My Documents\DOWNLOADS

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): D:\pagefile.sys 2048 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 48,83 Gb Total Space | 11,83 Gb Free Space | 24,22% Space Free | Partition Type: NTFS

Drive D: | 58,59 Gb Total Space | 32,85 Gb Free Space | 56,06% Space Free | Partition Type: NTFS

Drive E: | 172,04 Gb Total Space | 28,82 Gb Free Space | 16,75% Space Free | Partition Type: NTFS

Drive F: | 97,65 Gb Total Space | 20,79 Gb Free Space | 21,29% Space Free | Partition Type: NTFS

Drive G: | 181,82 Gb Total Space | 64,71 Gb Free Space | 35,59% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 244,14 Gb Total Space | 172,56 Gb Free Space | 70,68% Space Free | Partition Type: NTFS

 

Computer Name: KERIAN

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher

"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher

"6892:TCP" = 6892:TCP:*:Enabled:League of Legends Launcher

"6892:UDP" = 6892:UDP:*:Enabled:League of Legends Launcher

"6946:TCP" = 6946:TCP:*:Enabled:League of Legends Launcher

"6946:UDP" = 6946:UDP:*:Enabled:League of Legends Launcher

"6987:TCP" = 6987:TCP:*:Enabled:League of Legends Launcher

"6987:UDP" = 6987:UDP:*:Enabled:League of Legends Launcher

"6909:TCP" = 6909:TCP:*:Enabled:League of Legends Launcher

"6909:UDP" = 6909:UDP:*:Enabled:League of Legends Launcher

"6984:TCP" = 6984:TCP:*:Enabled:League of Legends Launcher

"6984:UDP" = 6984:UDP:*:Enabled:League of Legends Launcher

"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher

"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher

"6897:TCP" = 6897:TCP:*:Enabled:League of Legends Launcher

"6897:UDP" = 6897:UDP:*:Enabled:League of Legends Launcher

"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby

"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby

"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client

"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Programme\Miranda IM\miranda32.exe" = D:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )

"F:\SecondLife\SLVoice.exe" = F:\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found

"F:\Left4Dead\left4dead.exe" = F:\Left4Dead\left4dead.exe:*:Enabled:left4dead -- ()

"F:\Steam\steamapps\common\buccaneer demo\Buccaneer.exe" = F:\Steam\steamapps\common\buccaneer demo\Buccaneer.exe:*:Enabled:Buccaneer: The Pursuit of Infamy Demo -- File not found

"F:\BattleForge\Bootstrapper.exe" = F:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic)

"F:\BattleForge\BattleForge.exe" = F:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic)

"F:\Battlefield 2\BF2.exe" = F:\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found

"F:\COD4\iw3mp.exe" = F:\COD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()

"F:\World in Conflict\wic.exe" = F:\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment)

"F:\World in Conflict\wic_online.exe" = F:\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only -- (Massive Entertainment)

"F:\World in Conflict\wic_ds.exe" = F:\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server -- ()

"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"F:\ANNO 1404\Anno4.exe" = F:\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()

"F:\ANNO 1404\tools\Anno4Web.exe" = F:\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web -- ()

"F:\Steam\steamapps\common\left 4 dead\left4dead.exe" = F:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- File not found

"F:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = F:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- File not found

"F:\heroes in the sky\HIS.exe" = F:\heroes in the sky\HIS.exe:*:Enabled:his -- File not found

"G:\Steam\Steam.exe" = G:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"K:\Battlefield Bad Company 2\BFBC2Updater.exe" = K:\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)

"K:\League of Legends\Air\LolClient.exe" = K:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)

"K:\League of Legends\Game\League of Legends.exe" = K:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"G:\Steam\steamapps\common\league of legends\Air\LolClient.exe" = G:\Steam\steamapps\common\league of legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()

"G:\Steam\steamapps\common\league of legends\Game\League of Legends.exe" = G:\Steam\steamapps\common\league of legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"G:\Steam\steamapps\common\guild wars\Gw.exe" = G:\Steam\steamapps\common\guild wars\Gw.exe:*:Enabled:Guild Wars: Trilogy -- (ArenaNet)

"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"G:\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe" = G:\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)

"G:\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe" = G:\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)

"G:\Steam\steamapps\common\aliens vs predator\AvP.exe" = G:\Steam\steamapps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)

"G:\Steam\steamapps\common\arsenal of democracy\aodgame.exe" = G:\Steam\steamapps\common\arsenal of democracy\aodgame.exe:*:Enabled:Arsenal of Democracy -- (BL-Logic)

"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found

"C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

"D:\Programme\Sony Ericsson\Update Service\Update Service.exe" = D:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()

"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- (Veoh Networks)

"G:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = G:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()

"G:\Steam\steamapps\common\mountblade warband\mb_warband.exe" = G:\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband -- ( Taleworlds Entertainment)

"G:\Steam\steamapps\common\left 4 dead\left4dead.exe" = G:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()

"G:\Steam\steamapps\herrkerian\counter-strike source\hl2.exe" = G:\Steam\steamapps\herrkerian\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"G:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe" = G:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()

"K:\League of Legends\lol.launcher.exe" = K:\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- (Solid State Networks)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2

"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI

"{516A594B-FEFF-4521-B857-69809AB266FF}" = VC8&9 CRT and ATL

"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133

"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{7C2E4E9B-0B88-48B6-B7B0-E3F3DF0A239D}" = GameSpy Comrade

"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A33CE67-80FB-4469-9ED1-E5D116391F68}_is1" = Moras Ausrüstungsplaner

"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007

"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"{948B09C2-16EF-41DC-8E24-5C90B9D8360F}" = Sun VirtualBox

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6

"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2: Complete Collection

"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{AC76BA86-1033-F400-7761-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708

"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch

"{AFC4FEEE-6E08-4CC9-815E-5CEDF2C15E2E}_is1" = Terminplaner .Net

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{DF5D1668-B89A-44DF-9B3F-A961C4B87534}" = Simpleuploader  2.0

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Audition 3.0" = Adobe Audition 3.0

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"Alt.Binz" = Alt.Binz 0.25.0

"Arsenal of Democracy_is1" = Arsenal of Democracy

"ASAPI Update" = ASAPI Update

"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.05

"Audacity_is1" = Audacity 1.2.6

"Catan Online Welt" = Catan Online Welt

"City Life Deluxe" = City Life Deluxe

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"Cool Edit Pro 2.0" = Cool Edit Pro 2.0

"DAOCCharplan" = DAOC-Charplan

"DivX Setup.divx.com" = DivX-Setup

"DVD Shrink_is1" = DVD Shrink 3.2

"EA Download Manager" = EA Download Manager

"FinePrint" = FinePrint

"FLV Player" = FLV Player 2.0 (build 25)

"Fraps" = Fraps (remove only)

"Free Audio Dub_is1" = Free Audio Dub version 1.6

"Guild Wars" = GUILD WARS

"HD Tune_is1" = HD Tune 2.55

"ie8" = Windows Internet Explorer 8

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0

"League of Legends_is1" = League of Legends

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Miranda IM" = Miranda IM 0.8.27

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)

"Mp3tag" = Mp3tag v2.43

"MSC" = McAfee AntiVirus Plus

"MusicBrainz Picard" = MusicBrainz Picard 0.11

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"PartyCasino" = PartyCasino

"PartyPoker" = PartyPoker

"Plus500" = Plus500

"pro-Plan_is1" = pro-Plan 5.0.1.23

"pro-SiGe_is1" = pro-SiGe 4.0.0.6

"PunkBusterSvc" = PunkBuster Services

"RenSim_is1" = RenSim 3

"RivaTuner" = RivaTuner v2.24

"Security Task Manager" = Security Task Manager 1.7h

"Stargate Resistance" = Stargate Resistance

"Steam App 10680" = Aliens vs Predator

"Steam App 13140" = America's Army 3

"Steam App 20590" = League of Legends

"Steam App 29620" = Guild Wars: Trilogy

"Steam App 42850" = Arsenal of Democracy

"Steam App 48700" = Mount and Blade: Warband

"Steinberg WaveLab 4.0f" = Steinberg WaveLab 4.0f

"SystemRequirementsLab" = System Requirements Lab

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Uninstall_is1" = Uninstall 1.0.0.1

"Update Service" = Update Service

"Veoh Web Player Beta" = Veoh Web Player

"VLC media player" = VLC media player 1.0.0

"Warhammer Online: Age of Reckoning_is1" = Warhammer Online: Age of Reckoning

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR

"Wireshark" = Wireshark 1.2.1

"WORD" = Microsoft Office Word 2007

"Xfire" = Xfire (remove only)

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DAoC Portal" = DAoC Portal

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 11.07.2010 05:47:35 | Computer Name = KERIAN | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 11.07.2010 08:20:36 | Computer Name = KERIAN | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 11.07.2010 08:20:36 | Computer Name = KERIAN | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 11.07.2010 08:20:51 | Computer Name = KERIAN | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 11.07.2010 08:36:47 | Computer Name = KERIAN | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 11.07.2010 08:36:47 | Computer Name = KERIAN | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 11.07.2010 08:37:03 | Computer Name = KERIAN | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 11.07.2010 08:58:43 | Computer Name = KERIAN | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 11.07.2010 08:58:43 | Computer Name = KERIAN | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 11.07.2010 08:58:58 | Computer Name = KERIAN | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

[ System Events ]

Error - 18.09.2010 14:27:54 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Password Manager Pro" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 18.09.2010 14:27:54 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023

Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:   %%126

 

Error - 18.09.2010 19:01:32 | Computer Name = KERIAN | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "helpsvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

 

Error - 19.09.2010 15:22:41 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1058

 

Error - 19.09.2010 15:22:41 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023

Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:   %%126

 

Error - 20.09.2010 00:49:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1058

 

Error - 20.09.2010 00:49:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023

Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:   %%126

 

Error - 20.09.2010 01:06:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1058

 

Error - 20.09.2010 01:06:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023

Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:   %%126

 

Error - 20.09.2010 12:39:06 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1058

 

 

< End of report >

--- --- ---

Da muss man ja ganz schön auf seinem System rumreiten ^^

Combofix Logfile:

Code:

ComboFix 10-09-20.07 - Administrator 21.09.2010  18:11:46.1.4 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3327.2855 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe

AV: McAfee Anti-Virus und Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 * Im Speicher befindliches AV aktiv.
 

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\.#
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_NPF

-------\Legacy_SSHNAS
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-08-21 bis 2010-09-21  ))))))))))))))))))))))))))))))

.
 

2010-09-20 08:54 . 2010-09-20 08:54        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2010-09-20 08:54 . 2010-09-20 08:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-09-20 08:54 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-20 08:54 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-09-20 04:56 . 2010-09-20 04:56        960        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1CF327F06067768468C6EC08DA92D2FA.dll

2010-09-15 21:54 . 2010-06-20 02:21        214016        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Thunderbird\Profiles\tuuzqovv.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll

2010-09-10 13:48 . 2010-09-10 13:48        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Auslogics

2010-09-05 12:33 . 2010-09-05 12:33        56765        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-09-05 12:33 . 2010-09-05 12:33        53600        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe

2010-08-29 22:15 . 2010-08-29 22:15        --------        d-----w-        c:\programme\Veoh Networks

2010-08-29 21:27 . 2010-08-29 21:27        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java

2010-08-29 21:25 . 2010-09-05 12:16        185640        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\finishPlugin.dll

2010-08-29 21:25 . 2010-08-29 21:25        56997        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe

2010-08-29 21:25 . 2010-08-29 21:25        57691        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe

2010-08-29 21:22 . 2010-08-29 21:22        54153        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-21 15:53 . 2009-09-30 11:08        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Media Player Classic

2010-09-21 07:29 . 2010-07-10 22:58        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ICQ

2010-09-20 22:12 . 2009-02-06 23:56        36464        ----a-w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2010-09-20 05:01 . 2010-09-20 04:56        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan

2010-09-20 04:56 . 2010-09-20 04:56        334        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_10F61E61D2E284244AF26762C141B7C6.dll

2010-09-15 21:38 . 2010-04-12 18:23        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help

2010-09-14 08:21 . 2010-06-09 19:43        --------        d-----w-        c:\programme\Microsoft Silverlight

2010-09-12 15:32 . 2009-07-21 13:02        189480        ----a-w-        c:\windows\system32\PnkBstrB.exe

2010-09-12 14:20 . 2009-07-21 13:02        137544        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys

2010-09-12 14:18 . 2009-07-10 20:38        139152        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys

2010-09-12 14:18 . 2009-07-10 20:38        139152        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys

2010-09-12 14:18 . 2009-07-21 12:36        794408        ----a-w-        c:\windows\system32\pbsvc.exe

2010-09-10 15:30 . 2010-07-27 07:47        --------        d-----w-        c:\programme\Pando Networks

2010-09-10 13:38 . 2009-02-06 22:47        --------        d--h--w-        c:\programme\InstallShield Installation Information

2010-09-09 20:03 . 2009-02-07 00:02        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Thunderbird

2010-09-05 12:33 . 2010-04-28 22:52        57344        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-09-05 12:33 . 2010-04-28 22:49        --------        d-----w-        c:\programme\DivX

2010-09-05 12:33 . 2010-04-28 22:49        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX

2010-09-05 12:15 . 2010-04-28 22:51        1062184        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll

2010-09-05 12:15 . 2010-04-28 22:49        144696        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-09-05 12:15 . 2010-04-28 22:51        850200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe

2010-08-30 21:33 . 2009-03-01 15:45        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Xfire

2010-08-29 21:27 . 2009-08-08 12:11        --------        d-----w-        c:\programme\Java

2010-08-18 20:23 . 2009-02-10 21:59        1        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-08-17 13:17 . 2002-12-31 12:00        58880        ----a-w-        c:\windows\system32\spoolsv.exe

2010-08-12 23:02 . 2010-08-12 23:02        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2010-08-12 23:02 . 2010-08-12 23:02        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf

2010-08-12 23:02 . 2010-08-12 23:02        0        ---ha-w-        c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-08-12 23:00 . 2010-08-12 23:00        27632        ----a-w-        c:\windows\system32\drivers\seehcri.sys

2010-08-12 23:00 . 2010-08-12 23:00        25512        ----a-w-        c:\windows\system32\drivers\ggsemc.sys

2010-08-12 23:00 . 2010-08-12 23:00        13224        ----a-w-        c:\windows\system32\drivers\ggflt.sys

2010-08-12 23:00 . 2010-08-12 23:00        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll

2010-08-12 21:31 . 2002-12-31 12:00        526596        ----a-w-        c:\windows\system32\perfh007.dat

2010-08-12 21:31 . 2002-12-31 12:00        104896        ----a-w-        c:\windows\system32\perfc007.dat

2010-08-08 09:08 . 2010-08-05 17:11        --------        d-----w-        c:\programme\McAfee

2010-08-06 21:52 . 2010-08-05 17:12        --------        d-----w-        c:\programme\McAfee.com

2010-08-06 14:57 . 2010-08-06 14:57        503808        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58dc6773-n\msvcp71.dll

2010-08-06 14:57 . 2010-08-06 14:57        499712        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58dc6773-n\jmc.dll

2010-08-06 14:57 . 2010-08-06 14:57        348160        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58dc6773-n\msvcr71.dll

2010-08-06 14:57 . 2010-08-06 14:57        61440        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d7d2a05-n\decora-sse.dll

2010-08-06 14:57 . 2010-08-06 14:57        12800        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d7d2a05-n\decora-d3d.dll

2010-08-06 14:52 . 2010-08-05 17:01        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee

2010-08-06 14:51 . 2010-08-05 17:12        --------        d-----w-        c:\programme\Gemeinsame Dateien\McAfee

2010-08-01 01:36 . 2010-08-01 01:36        415752        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-823518204-115176313-839522115-500-0.dat

2010-08-01 01:36 . 2010-07-28 22:27        284938        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

2010-07-26 19:03 . 2010-07-23 16:10        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mount&Blade Warband

2010-07-22 15:48 . 2002-12-31 12:00        590848        ----a-w-        c:\windows\system32\rpcrt4.dll

2010-07-22 06:19 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-04-24 14:28        423656        ----a-w-        c:\windows\system32\deployJava1.dll

2010-06-30 12:28 . 2002-12-31 12:00        149504        ----a-w-        c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2002-12-31 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2002-12-31 12:00        1852032        ----a-w-        c:\windows\system32\win32k.sys

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

"Launch LgDeviceAgent"="c:\programme\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 357384]

"Launch LCDMon"="c:\programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 1573384]

"Launch LGDCore"="c:\programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 3161608]

"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]

"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2010-06-19 10:36        640440        ----a-w-        d:\programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2010-06-19 17:04        38840        ----a-w-        d:\programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06        976832        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04        35760        ----a-w-        d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 05:58        611712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43        69632        ----a-r-        c:\windows\ALCMTR.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]

2008-10-01 16:52        800256        ----a-w-        c:\programme\GameSpy\Comrade\Comrade.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57        153136        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]

2009-02-25 17:55        2781184        ----a-w-        d:\programme\RivaTuner v2.24\RivaTuner.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-06-13 06:49        16377344        ----a-r-        c:\windows\RTHDCPL.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44        248552        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"CVPND"=2 (0x2)
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Programme\\Miranda IM\\miranda32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Left4Dead\\left4dead.exe"=

"f:\\BattleForge\\Bootstrapper.exe"=

"f:\\BattleForge\\BattleForge.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"f:\\COD4\\iw3mp.exe"=

"f:\\World in Conflict\\wic.exe"=

"f:\\World in Conflict\\wic_online.exe"=

"f:\\World in Conflict\\wic_ds.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"f:\\ANNO 1404\\Anno4.exe"=

"f:\\ANNO 1404\\tools\\Anno4Web.exe"=

"g:\\Steam\\Steam.exe"=

"k:\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"k:\\League of Legends\\Air\\LolClient.exe"=

"k:\\League of Legends\\Game\\League of Legends.exe"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"g:\\Steam\\steamapps\\common\\league of legends\\Air\\LolClient.exe"=

"g:\\Steam\\steamapps\\common\\league of legends\\Game\\League of Legends.exe"=

"g:\\Steam\\steamapps\\common\\guild wars\\Gw.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"d:\\Programme\\ICQ7.2\\ICQ.exe"=

"d:\\Programme\\ICQ7.2\\aolload.exe"=

"g:\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=

"g:\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=

"g:\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=

"g:\\Steam\\steamapps\\common\\arsenal of democracy\\aodgame.exe"=

"c:\\Programme\\Gemeinsame Dateien\\McAfee\\McSvcHost\\McSvHost.exe"=

"d:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Programme\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"g:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

"g:\\Steam\\steamapps\\common\\mountblade warband\\mb_warband.exe"=

"g:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

"g:\\Steam\\steamapps\\herrkerian\\counter-strike source\\hl2.exe"=

"g:\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"8394:TCP"= 8394:TCP:League of Legends Launcher

"8394:UDP"= 8394:UDP:League of Legends Launcher

"6892:TCP"= 6892:TCP:League of Legends Launcher

"6892:UDP"= 6892:UDP:League of Legends Launcher

"6946:TCP"= 6946:TCP:League of Legends Launcher

"6946:UDP"= 6946:UDP:League of Legends Launcher

"6987:TCP"= 6987:TCP:League of Legends Launcher

"6987:UDP"= 6987:UDP:League of Legends Launcher

"6909:TCP"= 6909:TCP:League of Legends Launcher

"6909:UDP"= 6909:UDP:League of Legends Launcher

"6984:TCP"= 6984:TCP:League of Legends Launcher

"6984:UDP"= 6984:UDP:League of Legends Launcher

"6959:TCP"= 6959:TCP:League of Legends Launcher

"6959:UDP"= 6959:UDP:League of Legends Launcher

"6897:TCP"= 6897:TCP:League of Legends Launcher

"6897:UDP"= 6897:UDP:League of Legends Launcher
 

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [26.04.2010 20:59 11264]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [06.08.2010 01:28 82952]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [29.03.2010 00:06 123856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [29.03.2010 00:06 41680]

R2 McMPFSvc;McAfee Personal Firewall-Dienst;"c:\programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [06.08.2010 01:27 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [06.08.2010 01:27 271480]

R2 mfefire;McAfee Firewall Core Service;c:\programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe [06.08.2010 01:28 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe [06.08.2010 01:28 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [06.08.2010 01:28 55456]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [14.07.2009 16:35 19720]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [06.08.2010 01:28 312616]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [06.08.2010 01:28 88480]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.08.2010 01:00 27632]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [25.03.2010 20:06 99728]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [25.03.2010 20:06 110608]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]

S3 cpuz130;cpuz130;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13.08.2010 01:00 13224]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [06.08.2010 01:28 88480]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [06.08.2010 01:28 83496]

S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~3\MSI\MSIWDev\DVDSYS32_100507.sys [10.05.2010 10:44 22328]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~3\MSI\MSIWDev\msibios32_100507.sys [10.05.2010 10:44 25912]

S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~3\MSI\MSIWDev\VGASYS32_100507.sys [10.05.2010 10:44 16696]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]

S4 PMP;Password Manager Pro;d:\programme\PMP\bin\wrapper.exe -s d:\programme\PMP\conf\wrapper.conf --> d:\programme\PMP\bin\wrapper.exe -s d:\programme\PMP\conf\wrapper.conf [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.02.2009 01:08 717296]
 

--- Andere Dienste/Treiber im Speicher ---
 

*Deregistered* - mfeavfk01

.

.

------- Zusätzlicher Suchlauf -------

.

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\partygaming\PartyCasino\RunApp.exe

Trusted Zone: com\www.msi

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: d:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: d:\programme\Mozilla Firefox\plugins\npwachk.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

MSConfigStartUp-boincmgr - d:\programme\BOINC\boincmgr.exe

MSConfigStartUp-boinctray - d:\programme\BOINC\boinctray.exe

MSConfigStartUp-GameTracker - e:\gametracker\GTLite.exe

MSConfigStartUp-Steam - f:\steam\Steam.exe

MSConfigStartUp-XA5RJ9EADJ - c:\dokume~1\ADMINI~1\LOKALE~1\Temp\Ylr.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-09-21 18:18

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-823518204-115176313-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,aa,66,6f,24,eb,a1,49,b2,e7,13,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,df,1b,05,76,5e,99,49,91,91,20,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,aa,66,6f,24,eb,a1,49,b2,e7,13,\
 

[HKEY_USERS\S-1-5-21-823518204-115176313-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:40,fa,26,e3,a1,45,23,98,c2,68,6d,59,20,a7,0e,26,dd,9e,aa,9d,7a,3d,1e,

   d3,04,14,71,b8,0d,b2,35,a8,4d,99,73,f7,70,b8,80,6c,b0,a2,fe,e3,50,62,18,d3,\

"??"=hex:a7,ec,e4,d8,d7,f8,29,0e,64,03,31,b9,5a,79,0a,bc
 

[HKEY_USERS\S-1-5-21-823518204-115176313-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:89,33,00,c9,b6,30,d9,22,4f,f3,e5,93,80,4f,fa,23,85,7c,51,a4,74,

   27,34,3d,3d,dd,f8,c7,d7,9c,65,8e,53,bd,0d,a7,48,08,99,6a,d4,c4,5f,15,b4,18,\

"rkeysecu"=hex:c2,dd,a7,ab,6a,f9,54,db,6e,6e,b0,d7,90,09,24,ed
 

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,aa,66,6f,24,eb,a1,49,b2,e7,13,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,aa,66,6f,24,eb,a1,49,b2,e7,13,\
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'explorer.exe'(884)

c:\windows\system32\webcheck.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\wdfmgr.exe

c:\programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe

c:\windows\system32\RUNDLL32.EXE

c:\programme\Logitech\GamePanel Software\Applets\LCDClock.exe

c:\programme\Logitech\GamePanel Software\Applets\LCDPop3.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-09-21  18:22:20 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-09-21 16:22
 

Vor Suchlauf: 9 Verzeichnis(se), 12.921.753.600 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 12.820.910.080 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 

- - End Of File - - E45282678ABC0F2395D472E105E5279A

--- --- ---