| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei SystemstartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.10.2010, 01:22
| #1 |
 |  ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Tag! Ich habe shcon seit längerer Zeit das Problem, welches ich oben im Threadtitel schon etwas erklärt habe. Mit jedem Startup krieg ich ungefähr 6 Probleme angezeigt, die alle diese oder ähnliche Fehler beinhalten. Da mich das bisher nicht gestört hat habe ich mich mir nie Sorgen gemacht, allerdings habe ich seit einiger Zeit extreme Highpings(im Durchschnitt ~400) und da habe ich mich dazu aufgerafft einen Virenscan zu machen. Ich habe auch einiges gefunden und nachdem ich die Viren ein bisschen nachgegoogled habe, bin ich auf das Thema mit dem Adobe\Manager.exe gestoßen. Dies scheint wohl ein Malware Problem zu sein und dort wurde geraten mal ein Systemscan mit Malwarebytes zu machen, allerdings habe ich mit dem Programm das Problem, dass es extrem langsam ist und dass es sich immer für eine Zeit aufhängt und alle 10-15 sec ein Signal von sich gibt und es nimmt extreme Zeit in Anspruch. Ich wüsste gerne, ob dieses Problem normal ist, oder ob es andere Programme gibt, die genauso gut sind. Oder brauch ich sogar für dieses Problem kein Malwarebytes? |
|
17.10.2010, 14:38
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei SystemstartZitat:
Aus den Regeln: 5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe) Fehlen diese Angaben, kann und wird dir hier niemand helfen.
__________________ |
|
17.10.2010, 17:27
| #3 |
| | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Okay. Einmal hatte ich die Datei F:\Downloads\Advanced (ohne Endung) mit dem Virus TR/Horse.KNN, dann 'C:\Dokumente und Einstellungen\X\Anwendungsdaten\Adobe\Manager.exe' mit TR/Dldr.Delphi.Gen und zum Schluss noch 'C:\Dokumente und Einstellungen\X\Lokale Einstellungen\Temp\prf582.tmp' mit TR/Crypt.TPM.Gen.
__________________Die andern waren alle in Zip Dateien, die ich kenne, die ich allerdings nie entpackt habe. |
|
17.10.2010, 18:52
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Ok. Da Malwarebytes noch nicht geht erstmal Logs mit OTL erstellen: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.10.2010, 04:57
| #5 |
| | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Hier Nummer 1:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.10.2010 05:48:32 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\faNatic\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 17.58 Gb Total Space | 1.68 Gb Free Space | 9.57% Space Free | Partition Type: NTFS
Drive E: | 117.19 Gb Total Space | 23.14 Gb Free Space | 19.75% Space Free | Partition Type: NTFS
Drive F: | 163.31 Gb Total Space | 1.76 Gb Free Space | 1.08% Space Free | Partition Type: NTFS
Computer Name: FANATIC | User Name: faNatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"FirstRunDisabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"43594:TCP" = 43594:TCP:*:Enabled:littlething.no-ip.biz
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6904:TCP" = 6904:TCP:*:Enabled:League of Legends Launcher
"6904:UDP" = 6904:UDP:*:Enabled:League of Legends Launcher
"6996:TCP" = 6996:TCP:*:Enabled:League of Legends Launcher
"6996:UDP" = 6996:UDP:*:Enabled:League of Legends Launcher
"6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
"6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
"6957:TCP" = 6957:TCP:*:Enabled:League of Legends Launcher
"6957:UDP" = 6957:UDP:*:Enabled:League of Legends Launcher
"6986:TCP" = 6986:TCP:*:Enabled:League of Legends Launcher
"6986:UDP" = 6986:UDP:*:Enabled:League of Legends Launcher
"6946:TCP" = 6946:TCP:*:Enabled:League of Legends Launcher
"6946:UDP" = 6946:UDP:*:Enabled:League of Legends Launcher
"6890:TCP" = 6890:TCP:*:Enabled:League of Legends Launcher
"6890:UDP" = 6890:UDP:*:Enabled:League of Legends Launcher
"6888:TCP" = 6888:TCP:*:Enabled:League of Legends Launcher
"6888:UDP" = 6888:UDP:*:Enabled:League of Legends Launcher
"6953:TCP" = 6953:TCP:*:Enabled:League of Legends Launcher
"6953:UDP" = 6953:UDP:*:Enabled:League of Legends Launcher
"6933:TCP" = 6933:TCP:*:Enabled:League of Legends Launcher
"6933:UDP" = 6933:UDP:*:Enabled:League of Legends Launcher
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\G5RT8ODB.KXL\WEG00MPM.3QZ\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\tools\AA_Utility_FileDownloader.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\G5RT8ODB.KXL\WEG00MPM.3QZ\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\tools\AA_Utility_FileDownloader.exe:*:Enabled:AA_Utility_FileDownloader -- (Microsoft)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\G5RT8ODB.KXL\WEG00MPM.3QZ\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\AALogReader.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\G5RT8ODB.KXL\WEG00MPM.3QZ\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\AALogReader.exe:*:Enabled:America's Army Utility Package -- (K2-Solutions)
"C:\Dokumente und Einstellungen\Little Thing\Lokale Einstellungen\Apps\2.0\2NGZAY6M.C8Q\0QDCD9N6.2CW\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\tools\AA_Utility_FileDownloader.exe" = C:\Dokumente und Einstellungen\Little Thing\Lokale Einstellungen\Apps\2.0\2NGZAY6M.C8Q\0QDCD9N6.2CW\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\tools\AA_Utility_FileDownloader.exe:*:Enabled:AA_Utility_FileDownloader -- (Microsoft)
"C:\Dokumente und Einstellungen\Little Thing\Lokale Einstellungen\Apps\2.0\2NGZAY6M.C8Q\0QDCD9N6.2CW\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\AALogReader.exe" = C:\Dokumente und Einstellungen\Little Thing\Lokale Einstellungen\Apps\2.0\2NGZAY6M.C8Q\0QDCD9N6.2CW\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\AALogReader.exe:*:Enabled:America's Army Utility Package -- (K2-Solutions)
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"E:\Quake III Arena\quake3.exe" = E:\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"E:\Call of Duty 4\iw3mp.exe" = E:\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"F:\Downloads\CryptLoad_1.1.5\RouterClient.exe" = F:\Downloads\CryptLoad_1.1.5\RouterClient.exe:*:Enabled:RouterClient -- (hxxp://cryptload.info)
"E:\Alaplaya\S4League\S4Client.exe" = E:\Alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe -- ()
"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Programme\HLSW\hlsw.exe" = C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application -- (Stripf Software)
"F:\AppServ\Apache2.2\bin\httpd.exe" = F:\AppServ\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Dokumente und Einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Dokumente und Einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"E:\Prototype\prototypef.exe" = E:\Prototype\prototypef.exe:*:Enabled:Prototype(TM) -- (Activision)
"C:\Programme\EslWire\wire.exe" = C:\Programme\EslWire\wire.exe:*:Enabled:ESL Wire Client -- (Turtle Entertainment GmbH)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\League of Legends\Air\LolClient.exe" = F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"F:\League of Legends\Game\League of Legends.exe" = F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"E:\Steam\Steam.exe" = E:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\Steam\steamapps\common\alien swarm\srcds.exe" = E:\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"F:\TmNationsForever\TmForever.exe" = F:\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"E:\Warcraft III\War3.exe" = E:\Warcraft III\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"E:\Counter Strike Zeug\Counter-Strike 1.6 V35\hl.exe" = E:\Counter Strike Zeug\Counter-Strike 1.6 V35\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"E:\Steam\steamapps\rook934439\counter-strike source\hl2.exe" = E:\Steam\steamapps\rook934439\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"E:\Steam\steamapps\common\alien swarm\swarm.exe" = E:\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"E:\Steam\steamapps\rook934439\counterstrike source beta\hl2.exe" = E:\Steam\steamapps\rook934439\counterstrike source beta\hl2.exe:*:Enabled:Counter-Strike: Source Beta -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[00] & eFever CS:S Mappack - Around the World - presented by NOVA Gaming" = [00] & eFever CS:S Mappack - Around the World - presented by NOVA Gaming
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{132C89C5-3B67-48A9-BFF4-B530B044522D}" = Multi Teamspeak 2.33.77
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CC49405-4C2C-43AF-8C9A-6020D7244277}" = NETGEAR XE103 Powerline Encryption Utility
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160060}" = Java(TM) SE Development Kit 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{454070F6-2CAF-49DE-84E7-07DC177789FB}" = Unlimited Cabal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.30
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51DDFE79-3B2B-4AC7-8CAD-803D7D0DF6DD}" = MySQL Server 6.0
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C9CA43-7677-4F89-A971-1104A94DF0F2}" = CSE Demoplayer
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7EC5CFE0-20F2-4A6D-8BBA-EB6F7F064ADC}" = DANCE!ONLINE
"{815AED97-7FF9-472E-BD14-B7662793D6EB}" = BindMe-1.0.1
"{844DBF54-F822-4A1C-896B-93C0FBBA38D3}" = Sven 2 XS
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A21DC631-B7B9-4EBD-855B-70735EA92975}" = Bflat v.0.94
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5FB086B-B602-4452-8FE9-DF6BFBCE3D09}" = Steinberg Cubase Studio 4
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AF79DFD1-04C2-4CE5-9C8F-F60CA3CF01A7}" = NETGEAR Powerline-Ethernet-Adapter XE102
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C3006EEA-E54F-4CF4-A966-F7BB9FBD7EB8}_is1" = Escepia WarFinder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C787A3CB-77D3-405D-971A-CFF8CDC56A72}" = TMPGEnc 4.0 XPress Testversion
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}" = S4 League
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = 1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EF434C52-D882-43DB-8777-EC7B10D8943C}" = America's Army
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Alice" = Alice-Installationsdateien entfernen
"All To MP3 Converter_is1" = All To MP3 Converter 2.15
"AppServ" = AppServ 2.5.10 (remove only)
"ASIO4ALL" = ASIO4ALL
"ASPack" = ASPack
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"AVI Splitter_is1" = AVI Splitter
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"Bowling Evolution" = Bowling Evolution
"CABAL Online_is1" = CABAL Online
"cFosSpeed" = cFosSpeed v4.24
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Counter-Strike: Source" = Counter-Strike: Source
"CSStrat" = CSStrat
"CTSPD" = CTSPD
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DualCoreCenter_is1" = DualCoreCenter
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy Movie Splitter_is1" = Easy Movie Splitter 2.5.18
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"ESL Wire_is1" = ESL Wire 1.8.1
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Excalibur6_is1" = Excalibur 6.0.3 for Vegas Pro 8.0a or newer
"ffdshow_is1" = ffdshow [rev 1685] [2007-12-06]
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.1
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Frets on Fire" = Frets On Fire
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GTA San Andreas Control Center v2.1.1" = GTA San Andreas Control Center v2.1.1
"gtkmm" = gtkmm Runtime Environment 2.6
"Guild Wars" = GUILD WARS
"GuildWars Visions_is1" = GuildWars Visions v1.08
"GW Team Builder_is1" = GW Team Builder 1.2.1
"HLSW_is1" = HLSW v1.3.1
"HyperCam Toolbar" = HyperCam Toolbar
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IvanView" = IvanView
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Klomanager" = Klomanager
"LastFM_is1" = Last.fm 1.5.4.24567
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"MakeTorrent 2" = MakeTorrent v2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"mIRC" = mIRC
"MovieSplitter" = Movie Splitter
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSI Live" = MSI Live
"MSI Live Update 3" = MSI Live Update 3
"MsJavaVM" = Microsoft VM for Java
"msulvc06" = MSUlvc06 Lossless Video Codec 0.6.0 (Remove Only)
"Mumble" = Mumble and Murmur
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Orb" = Winamp Remote
"OtsTurntables Free" = OtsTurntables Free 1.00.027
"Pangya_Eu" = Pangya_Eu (GOA)
"Picasa2" = Picasa 2
"POLARITY+ Sensory Overload" = POLARITY+ Sensory Overload (remove only)
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"Privoxy" = Privoxy 3.0.6
"PunkBusterSvc" = PunkBuster Services
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"RealPlayer 6.0" = RealPlayer
"REAPER" = REAPER
"Reason4_is1" = Reason 4.0
"Recuva" = Recuva
"ROCCAT GUI-CSS" = ROCCAT GUI 1.00 (CS:S)
"RouterControl" = RouterControl 2.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"ScummVM_is1" = ScummVM 0.12.0
"Security Task Manager" = Security Task Manager 1.7h
"ShowShifter" = ShowShifter
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 630" = Alien Swarm
"StepMania" = StepMania (remove only)
"Streamripper" = Streamripper (Remove only)
"Subversion_is1" = Subversion 1.4.5-r25188
"sXe Injected" = sXe Injected
"sXe_Injected" = sXe Injected
"SystemRequirementsLab" = System Requirements Lab
"tdp" = 3Deep
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3®
"Tor" = Tor 0.2.0.34
"TreeSize Free_is1" = TreeSize Free V2.3.3
"Trillian" = Trillian
"True Internet Color" = E-Color Indicator
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.8
"UT2004" = Unreal Tournament 2004
"Vidalia" = Vidalia 0.1.10
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.2
"VTFEdit_is1" = VTFEdit 1.2.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"WinHex" = WinHex
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.95.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FlyForInfinity-Installer" = FlyForInfinity-Installer
"MPR" = Mozilla Password Recovery
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Und hier Nummer 2:OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.10.2010 05:48:32 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\faNatic\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 17.58 Gb Total Space | 1.68 Gb Free Space | 9.57% Space Free | Partition Type: NTFS Drive E: | 117.19 Gb Total Space | 23.14 Gb Free Space | 19.75% Space Free | Partition Type: NTFS Drive F: | 163.31 Gb Total Space | 1.76 Gb Free Space | 1.08% Space Free | Partition Type: NTFS Computer Name: FANATIC | User Name: faNatic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\faNatic\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - E:\Steam\steam.exe (Valve Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - F:\Programme\cFos\spd.exe (cFos Software GmbH) PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - F:\AppServ\Apache2.2\bin\httpd.exe (Apache Software Foundation) PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) PRC - C:\Programme\NetLimiter 2 Pro\nlsvc.exe (Locktime Software) PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\faNatic\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe File not found SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (NVIDIA Performance Driver Service) -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe () SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (cFosSpeedS) -- F:\Programme\cFos\spd.exe (cFos Software GmbH) SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Apache2.2) -- F:\AppServ\Apache2.2\bin\httpd.exe (Apache Software Foundation) SRV - (nTuneService) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (nlsvc) -- C:\Programme\NetLimiter 2 Pro\nlsvc.exe (Locktime Software) SRV - (Capture Device Service) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (zlportio) -- E:\UltraStar\zlportio.sys File not found DRV - (XDva093) -- C:\WINDOWS\System32\XDva093.sys File not found DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys File not found DRV - (NTProcDrv) -- F:\Downloads\sro\SROBotEn1.97b\NtProcDrv.sys File not found DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found DRV - (giveio) -- C:\WINDOWS\System32\giveio.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (ByakkoDriver) -- C:\DOKUME~1\faNatic\LOKALE~1\Temp\72186468.09- File not found DRV - (ESLWireAC) -- C:\WINDOWS\system32\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (CEDRIVER55) -- C:\Programme\Cheat Engine\dbk32.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys () DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking) DRV - (cFosSpeed) -- C:\WINDOWS\system32\drivers\cfosspeed.sys (cFos Software GmbH) DRV - (MMRTKRNL) -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys (AlcaTech) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project) DRV - (EuMusDesignVirtualAudioCableWdm_s2x) Sound2x Audio Cable (WDM) -- C:\WINDOWS\system32\drivers\vacs2xkd.sys (Eugene V. Muzychenko) DRV - (jraid) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.) DRV - (nltdi) -- C:\WINDOWS\system32\drivers\nltdi.sys (Locktime Software) DRV - (PDNMp50) -- C:\WINDOWS\system32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\WINDOWS\system32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft) DRV - (hidusbf) -- C:\WINDOWS\system32\drivers\hidusbf.sys (SweetLow) DRV - (DigiCellDriver) -- C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (krait03) -- C:\WINDOWS\system32\drivers\krait.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (PStrip) -- C:\WINDOWS\system32\drivers\PStrip.sys (EnTech Taiwan) DRV - (PLCMPR5) -- C:\WINDOWS\system32\PLCMPR5.SYS (Intellon, Inc.) DRV - (PLCNDIS5) -- C:\WINDOWS\system32\PLCNDIS5.SYS (Intellon, Inc.) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.) DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec) DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH) DRV - (NTIOWP) -- C:\WINDOWS\System32\drivers\ntiowp.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.25 03:21:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.17 13:23:10 | 000,000,000 | ---D | M] [2009.11.15 18:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Extensions [2009.03.31 01:36:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.09.25 16:46:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions [2010.09.18 13:57:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.03.06 12:31:33 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2010.07.23 15:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.11.25 17:37:45 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010.07.15 18:03:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.03 08:40:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.03.15 19:56:46 | 000,000,000 | ---D | M] (iGraal) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2} [2010.09.18 13:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\hdsrq670.default\extensions [2010.09.18 13:57:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\hdsrq670.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.23 15:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\hdsrq670.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.18 13:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\to8vs0uf.Standard-Benutzer\extensions [2009.04.23 17:35:22 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\to8vs0uf.Standard-Benutzer\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.09.18 13:57:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\to8vs0uf.Standard-Benutzer\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2009.11.15 13:51:42 | 000,000,000 | ---D | M] (kikin plugin (Murb.com Edition)) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\to8vs0uf.Standard-Benutzer\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.07.23 15:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\to8vs0uf.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.18 13:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\uaq7opok.default\extensions [2010.09.18 13:57:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\uaq7opok.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2009.11.15 13:51:42 | 000,000,000 | ---D | M] (kikin plugin (Murb.com Edition)) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\uaq7opok.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.07.23 15:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\uaq7opok.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.10.16 02:13:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.28 14:57:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 09:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.16 02:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.04.06 16:58:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2009.02.14 02:32:54 | 000,024,683 | ---- | M] (Ask.com) -- C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.14 18:12:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.14 18:12:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.14 18:12:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.14 18:12:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.14 18:12:26 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.05 23:10:37 | 000,420,605 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14508 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\HyperCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\HyperCam Toolbar\tbcore3.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [cFosSpeed] F:\Programme\cFos\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [ESL Wire] C:\Programme\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [NVIDIA nTune] C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\faNatic\Startmenü\Programme\Autostart\Mousometer.lnk = F:\Downloads\mousometer.exe () F3 - HKCU WinNT: Run - ("C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Adobe\Manager.exe") - C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Adobe\Manager.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll () O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.18 17:03:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.01.03 00:10:37 | 000,002,975 | ---- | M] () - F:\autoexec.cfg -- [ NTFS ] O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell - "" = AutoRun O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell\AutoRun\command - "" = J:\RunGame.exe -- File not found O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell - "" = AutoRun O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010.10.18 05:47:34 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\faNatic\Desktop\OTL.exe [2010.10.16 15:36:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.16 15:36:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.16 15:36:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.16 15:03:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\faNatic\Desktop\MFTools [2010.10.16 02:12:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.10.16 02:12:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.10.16 02:12:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.10.15 14:31:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\Malwarebytes [2010.10.15 14:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.15 11:41:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.10.14 01:30:41 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.14 01:25:48 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.07 14:16:39 | 000,843,576 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2010.09.21 22:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB [2010.09.18 13:57:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB [2010.09.18 13:57:19 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB [2010.09.18 12:22:58 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.18 05:52:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A0AB7559-CCBD-4E9E-BF64-04BDEDC60467}.job [2010.10.18 05:47:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\faNatic\Desktop\OTL.exe [2010.10.17 16:49:04 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2EC99488-57A7-4E6A-B470-2A1129B66C9E}.job [2010.10.17 13:19:44 | 000,250,792 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.10.17 13:09:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.17 03:51:27 | 000,012,368 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw [2010.10.17 03:51:26 | 000,000,704 | ---- | M] () -- C:\WINDOWS\System32\history.aaw [2010.10.16 15:36:28 | 000,000,703 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.16 15:28:28 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\faNatic\Desktop\defogger.exe [2010.10.16 15:28:27 | 000,285,230 | ---- | M] () -- C:\Dokumente und Einstellungen\faNatic\Desktop\Gmer.zip [2010.10.14 20:42:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.14 18:07:16 | 000,000,581 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.10.14 11:29:57 | 001,775,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.13 20:57:39 | 000,281,826 | ---- | M] () -- C:\Dokumente und Einstellungen\faNatic\Eigene Dateien\darkstep.rns [2010.10.13 00:02:26 | 000,000,630 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ESL Wire.lnk [2010.10.12 14:39:50 | 000,843,576 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2010.10.12 01:24:06 | 000,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.09 14:27:19 | 000,148,012 | ---- | M] () -- C:\Dokumente und Einstellungen\faNatic\Eigene Dateien\DNB_neu.rns [2010.10.08 00:13:31 | 000,526,596 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.08 00:13:31 | 000,501,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.08 00:13:31 | 000,104,896 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.08 00:13:31 | 000,087,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.07 12:54:33 | 000,001,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2010.10.05 23:10:37 | 000,420,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.10.05 22:55:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.16 15:36:28 | 000,000,703 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.16 15:03:54 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\faNatic\Desktop\defogger.exe [2010.10.16 15:03:45 | 000,285,230 | ---- | C] () -- C:\Dokumente und Einstellungen\faNatic\Desktop\Gmer.zip [2010.10.10 10:52:16 | 000,281,826 | ---- | C] () -- C:\Dokumente und Einstellungen\faNatic\Eigene Dateien\darkstep.rns [2010.10.07 12:54:33 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.05.19 18:37:34 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010.04.29 19:26:02 | 000,000,917 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini [2010.03.05 16:38:24 | 000,007,040 | ---- | C] () -- C:\WINDOWS\HWorks32.INI [2010.02.07 10:04:31 | 000,000,123 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.02.07 10:03:32 | 000,000,960 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini [2009.12.04 23:23:47 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\faNatic\Anwendungsdaten\PnkBstrK.sys [2009.12.04 23:23:47 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.09.12 10:36:22 | 018,015,723 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlc-1.0.1-win32.exe [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2009.06.22 14:29:43 | 000,000,133 | ---- | C] () -- C:\WINDOWS\INpact_CSS_Hud_tweaker_1.19.INI [2009.04.19 03:10:21 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.04.19 03:10:21 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009.04.19 03:10:21 | 000,000,698 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009.03.15 13:50:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2009.01.06 15:45:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll [2008.12.29 11:05:44 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008.12.02 20:31:08 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008.12.02 20:31:08 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008.11.09 16:20:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI [2008.11.04 15:41:41 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.10.14 11:08:01 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll [2008.10.02 16:32:07 | 000,001,920 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008.09.28 04:37:37 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll [2008.09.28 04:37:37 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll [2008.09.28 04:37:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll [2008.09.28 04:37:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll [2008.09.28 04:37:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll [2008.09.28 04:37:34 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2008.09.09 19:53:41 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll [2008.09.06 12:59:29 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.09.06 01:44:45 | 000,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll1 [2008.08.31 00:30:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008.08.14 20:33:19 | 000,000,273 | ---- | C] () -- C:\WINDOWS\game.ini [2008.08.05 01:00:26 | 000,004,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiowp.sys [2008.07.30 05:24:46 | 000,000,487 | ---- | C] () -- C:\WINDOWS\SStylerProDemo.ini [2008.06.24 22:18:28 | 000,058,368 | ---- | C] () -- C:\Dokumente und Einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.14 19:00:22 | 000,000,043 | ---- | C] () -- C:\WINDOWS\aspack.ini [2008.06.03 18:46:23 | 000,000,271 | ---- | C] () -- C:\WINDOWS\THPS3.INI [2008.06.01 13:13:03 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2008.05.08 11:16:12 | 000,043,563 | ---- | C] () -- C:\WINDOWS\php.ini [2008.05.03 20:19:24 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.05.02 13:07:04 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll [2008.05.01 21:13:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008.05.01 21:13:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.05.01 21:13:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008.05.01 12:09:05 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008.04.21 18:02:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2008.04.20 15:29:42 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys [2008.04.20 15:17:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL [2008.04.20 11:55:35 | 000,000,047 | ---- | C] () -- C:\WINDOWS\hwm.ini [2008.04.20 11:52:17 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007.10.04 17:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.03.12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2007.01.05 22:36:55 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll [2007.01.05 22:36:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll [2007.01.02 01:15:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.09.21 19:10:04 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll [2004.08.04 02:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll [2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL [2001.08.23 14:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_006319_.tmp.dll [2001.08.23 14:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006287_.tmp.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:242231A9 @Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B9D8E22 @Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:88050731 < End of report > |
|
18.10.2010, 08:56
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
DRV - (zlportio) -- E:\UltraStar\zlportio.sys File not found
DRV - (XDva093) -- C:\WINDOWS\System32\XDva093.sys File not found
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys File not found
DRV - (NTProcDrv) -- F:\Downloads\sro\SROBotEn1.97b\NtProcDrv.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (ByakkoDriver) -- C:\DOKUME~1\faNatic\LOKALE~1\Temp\72186468.09- File not found
DRV - (CEDRIVER55) -- C:\Programme\Cheat Engine\dbk32.sys ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O32 - AutoRun File - [2009.01.03 00:10:37 | 000,002,975 | ---- | M] () - F:\autoexec.cfg -- [ NTFS ]
O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell - "" = AutoRun
O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell\AutoRun\command - "" = J:\RunGame.exe -- File not found
O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell - "" = AutoRun
O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B9D8E22
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:88050731
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart |
|
18.10.2010, 11:47
| #7 |
| | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart All processes killed Error: Unable to interpret <DRV - (zlportio) -- E:\UltraStar\zlportio.sys File not found> in the current context! Error: Unable to interpret <DRV - (XDva093) -- C:\WINDOWS\System32\XDva093.sys File not found> in the current context! Error: Unable to interpret <DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys File not found> in the current context! Error: Unable to interpret <DRV - (NTProcDrv) -- F:\Downloads\sro\SROBotEn1.97b\NtProcDrv.sys File not found> in the current context! Error: Unable to interpret <DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found> in the current context! Error: Unable to interpret <DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found> in the current context! Error: Unable to interpret <DRV - (ByakkoDriver) -- C:\DOKUME~1\faNatic\LOKALE~1\Temp\72186468.09- File not found> in the current context! Error: Unable to interpret <DRV - (CEDRIVER55) -- C:\Programme\Cheat Engine\dbk32.sys ()> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2009.01.03 00:10:37 | 000,002,975 | ---- | M] () - F:\autoexec.cfg -- [ NTFS ]> in the current context! Error: Unable to interpret <O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell\AutoRun - "" = Auto&Play> in the current context! Error: Unable to interpret <O33 - MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\Shell\AutoRun\command - "" = J:\RunGame.exe -- File not found> in the current context! Error: Unable to interpret <O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell\AutoRun - "" = Auto&Play> in the current context! Error: Unable to interpret <O33 - MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found> in the current context! Error: Unable to interpret <@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF> in the current context! Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:242231A9> in the current context! Error: Unable to interpret <@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B9D8E22> in the current context! Error: Unable to interpret <@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86> in the current context! Error: Unable to interpret <@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:88050731> in the current context! ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: faNatic ->Temp folder emptied: 773480 bytes ->Temporary Internet Files folder emptied: 9037126 bytes ->Java cache emptied: 8295 bytes ->FireFox cache emptied: 6301907 bytes ->Opera cache emptied: 11854989 bytes ->Flash cache emptied: 1410 bytes User: Little Thing ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 82655 bytes RecycleBin emptied: 207 bytes Total Files Cleaned = 27.00 mb OTL by OldTimer - Version 3.2.15.2 log created on 10182010_124028 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
18.10.2010, 12:38
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Du hast das Script falsch kopiert. Du musst alles inkl. dem ":OTL" mitkopieren! Mach es bitte nochmal!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2010, 15:52
| #9 |
| | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Ok tschuldige^^ Jetzt ist es hoffentlich richtig. Code:
ATTFilter All processes killed
========== OTL ==========
Service zlportio stopped successfully!
Service zlportio deleted successfully!
File E:\UltraStar\zlportio.sys File not found not found.
Service XDva093 stopped successfully!
Service XDva093 deleted successfully!
File C:\WINDOWS\System32\XDva093.sys File not found not found.
Service SANDRA stopped successfully!
Service SANDRA deleted successfully!
File C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys File not found not found.
Service NTProcDrv stopped successfully!
Service NTProcDrv deleted successfully!
File F:\Downloads\sro\SROBotEn1.97b\NtProcDrv.sys File not found not found.
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File D:\INSTALL\GMSIPCI.SYS File not found not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\WINDOWS\System32\drivers\EagleNT.sys File not found not found.
Service ByakkoDriver stopped successfully!
Service ByakkoDriver deleted successfully!
File C:\DOKUME~1\faNatic\LOKALE~1\Temp\72186468.09- File not found not found.
Service CEDRIVER55 stopped successfully!
Service CEDRIVER55 deleted successfully!
C:\Programme\Cheat Engine\dbk32.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
F:\autoexec.cfg moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a20ba52-9263-11dd-b183-001d7da9acbc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a20ba52-9263-11dd-b183-001d7da9acbc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a20ba52-9263-11dd-b183-001d7da9acbc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a20ba52-9263-11dd-b183-001d7da9acbc}\ not found.
File J:\RunGame.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5261543c-8ef9-11dd-811f-001d7da9acbc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5261543c-8ef9-11dd-811f-001d7da9acbc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5261543c-8ef9-11dd-811f-001d7da9acbc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5261543c-8ef9-11dd-811f-001d7da9acbc}\ not found.
File I:\RunGame.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:242231A9 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B9D8E22 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:88050731 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: faNatic
->Temp folder emptied: 165942 bytes
->Temporary Internet Files folder emptied: 2642497 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 8513583 bytes
->Flash cache emptied: 705 bytes
User: Little Thing
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82655 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 11.00 mb
OTL by OldTimer - Version 3.2.15.2 log created on 10182010_164616
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
18.10.2010, 18:13
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2010, 08:31
| #11 |
| | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei SystemstartCode:
ATTFilter ComboFix 10-10-18.01 - faNatic 19.10.2010 3:35.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\faNatic\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tiger Install
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tiger Install\{14E7E4C8-1017-4DB6-8587-84720FCE3D85}
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tiger Install\{14E7E4C8-1017-4DB6-8587-84720FCE3D85}.Dat
c:\dokumente und einstellungen\All Users\Anwendungsdaten\vlc-1.0.1-win32.exe
c:\programme\HyperCam Toolbar\tbHElper.dll
C:\start
c:\windows\system32\_006276_.tmp.dll
c:\windows\system32\_006277_.tmp.dll
c:\windows\system32\_006278_.tmp.dll
c:\windows\system32\_006279_.tmp.dll
c:\windows\system32\_006286_.tmp.dll
c:\windows\system32\_006287_.tmp.dll
c:\windows\system32\_006288_.tmp.dll
c:\windows\system32\_006289_.tmp.dll
c:\windows\system32\_006291_.tmp.dll
c:\windows\system32\_006292_.tmp.dll
c:\windows\system32\_006295_.tmp.dll
c:\windows\system32\_006296_.tmp.dll
c:\windows\system32\_006298_.tmp.dll
c:\windows\system32\_006299_.tmp.dll
c:\windows\system32\_006300_.tmp.dll
c:\windows\system32\_006302_.tmp.dll
c:\windows\system32\_006305_.tmp.dll
c:\windows\system32\_006306_.tmp.dll
c:\windows\system32\_006310_.tmp.dll
c:\windows\system32\_006311_.tmp.dll
c:\windows\system32\_006313_.tmp.dll
c:\windows\system32\_006316_.tmp.dll
c:\windows\system32\_006318_.tmp.dll
c:\windows\system32\_006319_.tmp.dll
c:\windows\system32\_006320_.tmp.dll
c:\windows\system32\_006321_.tmp.dll
c:\windows\system32\_006322_.tmp.dll
c:\windows\system32\_006325_.tmp.dll
c:\windows\system32\_006326_.tmp.dll
c:\windows\system32\_006327_.tmp.dll
c:\windows\system32\_006328_.tmp.dll
c:\windows\system32\_006329_.tmp.dll
c:\windows\system32\_006334_.tmp.dll
c:\windows\system32\_006336_.tmp.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\logs
c:\windows\system32\logs\Ad-Aware event.log
c:\windows\system32\system
c:\windows\system32\winlogon.bak
F:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-19 bis 2010-10-19 ))))))))))))))))))))))))))))))
.
2010-10-18 10:39 . 2010-10-18 10:39 -------- d-----w- C:\_OTL
2010-10-16 13:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 13:36 . 2010-10-16 13:36 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-10-16 13:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 23:57 . 2010-10-15 23:57 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-10-15 12:31 . 2010-10-15 12:31 -------- d-----w- c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Malwarebytes
2010-10-15 12:31 . 2010-10-15 12:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-15 09:41 . 2010-10-15 09:42 -------- d-----w- c:\windows\system32\NtmsData
2010-10-13 23:30 . 2010-09-18 06:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 23:25 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-07 12:16 . 2010-10-12 12:39 843576 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2010-09-26 20:03 . 2010-09-27 19:04 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB
2010-09-23 12:42 . 2010-09-23 12:42 95672 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2010-09-21 20:55 . 2010-09-21 20:55 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\steam.exe" [2010-09-07 1242448]
"NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ESL Wire"="c:\programme\EslWire\wire.exe" [2010-10-12 7680000]
"ICQ"="c:\programme\ICQ7.1\ICQ.exe" [2010-08-22 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"cFosSpeed"="f:\programme\cFos\cFosSpeed.exe" [2008-07-03 867544]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"LogMeIn Hamachi Ui"="c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\programme\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
"Steam"="e:\steam\Steam.exe" [2010-09-07 1242448]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-11-21 805392]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Privoxy.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Verknüpfung mit ICQ Away Reader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Verknüpfung mit ICQ Away Reader.lnk
backup=c:\windows\pss\Verknüpfung mit ICQ Away Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^faNatic^Startmenü^Programme^Autostart^Xfire.lnk]
path=c:\dokumente und einstellungen\faNatic\Startmenü\Programme\Autostart\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\programme\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2010-10-12 13:51 7680000 ----a-w- c:\programme\EslWire\wire.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
2009-05-19 11:49 3449344 -c--a-w- c:\progra~1\RouterControl\RouterControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-06-03 13:08 21718312 -c--a-r- c:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 -csha-r- c:\programme\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\programme\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\programme\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ESL Wire"="c:\programme\EslWire\wire.exe" --tray
"NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Apps\\2.0\\G5RT8ODB.KXL\\WEG00MPM.3QZ\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\tools\\AA_Utility_FileDownloader.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Apps\\2.0\\G5RT8ODB.KXL\\WEG00MPM.3QZ\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\AALogReader.exe"=
"c:\\Dokumente und Einstellungen\\Little Thing\\Lokale Einstellungen\\Apps\\2.0\\2NGZAY6M.C8Q\\0QDCD9N6.2CW\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\tools\\AA_Utility_FileDownloader.exe"=
"c:\\Dokumente und Einstellungen\\Little Thing\\Lokale Einstellungen\\Apps\\2.0\\2NGZAY6M.C8Q\\0QDCD9N6.2CW\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\AALogReader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"e:\\Quake III Arena\\quake3.exe"=
"c:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Xfire\\xfire.exe"=
"e:\\Call of Duty 4\\iw3mp.exe"=
"f:\\Downloads\\CryptLoad_1.1.5\\RouterClient.exe"=
"e:\\Alaplaya\\S4League\\S4Client.exe"=
"c:\\Programme\\Ventrilo\\Ventrilo.exe"=
"c:\\Programme\\HLSW\\hlsw.exe"=
"f:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Dokumente und Einstellungen\\faNatic\\Lokale Einstellungen\\Anwendungsdaten\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Prototype\\prototypef.exe"=
"c:\\Programme\\EslWire\\wire.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"f:\\League of Legends\\Air\\LolClient.exe"=
"f:\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Programme\\ICQ7.1\\ICQ.exe"=
"c:\\Programme\\ICQ7.1\\aolload.exe"=
"e:\\Steam\\Steam.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"e:\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"f:\\TmNationsForever\\TmForever.exe"=
"e:\\Warcraft III\\War3.exe"=
"e:\\Counter Strike Zeug\\Counter-Strike 1.6 V35\\hl.exe"=
"e:\\Steam\\steamapps\\rook934439\\counter-strike source\\hl2.exe"=
"e:\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"e:\\Steam\\steamapps\\rook934439\\counterstrike source beta\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:littlething.no-ip.biz
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6986:TCP"= 6986:TCP:League of Legends Launcher
"6986:UDP"= 6986:UDP:League of Legends Launcher
"6890:TCP"= 6890:TCP:League of Legends Launcher
"6890:UDP"= 6890:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 DigiCellDriver;DigiCellDriver;c:\programme\MSI\DualCoreCenter\NTGLM7X.sys [2006-10-05 27648]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2006-11-08 4544]
R3 krait03;Razer krait USB Filter Driver;c:\windows\system32\Drivers\krait.sys [2005-12-07 13324]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-11 3461904]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [2004-04-26 18432]
R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2004-04-26 17280]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-23 18432]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-10 691696]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-01-23 33824]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 Apache2.2;Apache2.2;f:\appserv\Apache2.2\bin\httpd.exe [2008-01-17 24635]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2010-10-12 843576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NTIOWP;NTIOWP; [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-19 4446752]
S2 PStrip;PStrip;c:\windows\system32\DRIVERS\PSTRIP.SYS [2004-11-09 21968]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-09-30 2368]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2009-12-03 24504]
S3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-08-21 57248]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-18 c:\windows\Tasks\User_Feed_Synchronization-{2EC99488-57A7-4E6A-B470-2A1129B66C9E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{A0AB7559-CCBD-4E9E-BF64-04BDEDC60467}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\faNatic\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\programme\ICQ7.1\ICQ.exe
TCP: {14905B93-88AF-47ED-A6FA-56D0DD97D8F3} = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\dokumente und einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS1002170_SUA_000\npoctoshape.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Picasa2\npPicasa2.dll
FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\programme\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-AGSeyApp - c:\programme\AGSeydsApp\AGSeyApp.exe
MSConfigStartUp-AVP - c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
MSConfigStartUp-DAEMON Tools-1033 - c:\programme\D-Tools\daemon.exe
MSConfigStartUp-ICQ - c:\programme\ICQ6.5\ICQ.exe
AddRemove-FlyForInfinity-Installer - f:\fly for infinity\Uninstal.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
AddRemove-Octoshape Streaming Services - c:\dokumente und einstellungen\faNatic\Lokale Einstellungen\Anwendungsdaten\Octoshape\Octoshape Streaming Services\uninst.exe
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-583907252-1958367476-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1520)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\antiwpa.dll
.
Zeit der Fertigstellung: 2010-10-19 09:29:57
ComboFix-quarantined-files.txt 2010-10-19 07:29
Vor Suchlauf: 1.669.001.216 Bytes frei
Nach Suchlauf: 1.666.641.920 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
Current=8 Default=8 Failed=1 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 3928F6E4E15849A1AA7E9A53B919702D
|
|
19.10.2010, 10:15
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"=-
Driver::
NTIOWP
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2010, 11:36
| #13 |
| | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei SystemstartCode:
ATTFilter ComboFix 10-10-18.03 - faNatic 19.10.2010 12:17:04.2.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\faNatic\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\faNatic\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTIOWP
-------\Service_NTIOWP
((((((((((((((((((((((( Dateien erstellt von 2010-09-19 bis 2010-10-19 ))))))))))))))))))))))))))))))
.
2010-10-19 10:25 . 2010-10-19 10:25 -------- d-----w- c:\windows\system32\logs
2010-10-18 10:39 . 2010-10-18 10:39 -------- d-----w- C:\_OTL
2010-10-16 13:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 13:36 . 2010-10-16 13:36 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-10-16 13:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 23:57 . 2010-10-15 23:57 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-10-15 12:31 . 2010-10-15 12:31 -------- d-----w- c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Malwarebytes
2010-10-15 12:31 . 2010-10-15 12:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-15 09:41 . 2010-10-15 09:42 -------- d-----w- c:\windows\system32\NtmsData
2010-10-13 23:30 . 2010-09-18 06:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 23:25 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-07 12:16 . 2010-10-12 12:39 843576 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2010-09-26 20:03 . 2010-09-27 19:04 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB
2010-09-23 12:42 . 2010-09-23 12:42 95672 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2010-09-21 20:55 . 2010-09-21 20:55 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\steam.exe" [2010-09-07 1242448]
"NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ESL Wire"="c:\programme\EslWire\wire.exe" [2010-10-12 7680000]
"ICQ"="c:\programme\ICQ7.1\ICQ.exe" [2010-08-22 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"cFosSpeed"="f:\programme\cFos\cFosSpeed.exe" [2008-07-03 867544]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"LogMeIn Hamachi Ui"="c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\programme\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
"Steam"="e:\steam\Steam.exe" [2010-09-07 1242448]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-11-21 805392]
c:\dokumente und einstellungen\faNatic\Startmen\Programme\Autostart\
Mousometer.lnk - f:\downloads\mousometer.exe [2008-7-9 140288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Privoxy.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Verknüpfung mit ICQ Away Reader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Verknüpfung mit ICQ Away Reader.lnk
backup=c:\windows\pss\Verknüpfung mit ICQ Away Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^faNatic^Startmenü^Programme^Autostart^Xfire.lnk]
path=c:\dokumente und einstellungen\faNatic\Startmenü\Programme\Autostart\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\programme\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2010-10-12 13:51 7680000 ----a-w- c:\programme\EslWire\wire.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
2009-05-19 11:49 3449344 -c--a-w- c:\progra~1\RouterControl\RouterControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-06-03 13:08 21718312 -c--a-r- c:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 -csha-r- c:\programme\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\programme\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\programme\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ESL Wire"="c:\programme\EslWire\wire.exe" --tray
"NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Apps\\2.0\\G5RT8ODB.KXL\\WEG00MPM.3QZ\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\tools\\AA_Utility_FileDownloader.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Apps\\2.0\\G5RT8ODB.KXL\\WEG00MPM.3QZ\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\AALogReader.exe"=
"c:\\Dokumente und Einstellungen\\Little Thing\\Lokale Einstellungen\\Apps\\2.0\\2NGZAY6M.C8Q\\0QDCD9N6.2CW\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\tools\\AA_Utility_FileDownloader.exe"=
"c:\\Dokumente und Einstellungen\\Little Thing\\Lokale Einstellungen\\Apps\\2.0\\2NGZAY6M.C8Q\\0QDCD9N6.2CW\\aalo..tion_eb787c7e256950f2_0000.0005_9c89ec97ca972792\\AALogReader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"e:\\Quake III Arena\\quake3.exe"=
"c:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Xfire\\xfire.exe"=
"e:\\Call of Duty 4\\iw3mp.exe"=
"f:\\Downloads\\CryptLoad_1.1.5\\RouterClient.exe"=
"e:\\Alaplaya\\S4League\\S4Client.exe"=
"c:\\Programme\\Ventrilo\\Ventrilo.exe"=
"c:\\Programme\\HLSW\\hlsw.exe"=
"f:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Dokumente und Einstellungen\\faNatic\\Lokale Einstellungen\\Anwendungsdaten\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Prototype\\prototypef.exe"=
"c:\\Programme\\EslWire\\wire.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"f:\\League of Legends\\Air\\LolClient.exe"=
"f:\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Programme\\ICQ7.1\\ICQ.exe"=
"c:\\Programme\\ICQ7.1\\aolload.exe"=
"e:\\Steam\\Steam.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"e:\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"f:\\TmNationsForever\\TmForever.exe"=
"e:\\Warcraft III\\War3.exe"=
"e:\\Counter Strike Zeug\\Counter-Strike 1.6 V35\\hl.exe"=
"e:\\Steam\\steamapps\\rook934439\\counter-strike source\\hl2.exe"=
"e:\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"e:\\Steam\\steamapps\\rook934439\\counterstrike source beta\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6986:TCP"= 6986:TCP:League of Legends Launcher
"6986:UDP"= 6986:UDP:League of Legends Launcher
"6890:TCP"= 6890:TCP:League of Legends Launcher
"6890:UDP"= 6890:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 DigiCellDriver;DigiCellDriver;c:\programme\MSI\DualCoreCenter\NTGLM7X.sys [2006-10-05 27648]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2006-11-08 4544]
R3 krait03;Razer krait USB Filter Driver;c:\windows\system32\Drivers\krait.sys [2005-12-07 13324]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-11 3461904]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [2004-04-26 18432]
R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2004-04-26 17280]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-23 18432]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-10 691696]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-01-23 33824]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 Apache2.2;Apache2.2;f:\appserv\Apache2.2\bin\httpd.exe [2008-01-17 24635]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2010-10-12 843576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-19 4446752]
S2 PStrip;PStrip;c:\windows\system32\DRIVERS\PSTRIP.SYS [2004-11-09 21968]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-09-30 2368]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2009-12-03 24504]
S3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-08-21 57248]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-18 c:\windows\Tasks\User_Feed_Synchronization-{2EC99488-57A7-4E6A-B470-2A1129B66C9E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{A0AB7559-CCBD-4E9E-BF64-04BDEDC60467}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\faNatic\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\programme\ICQ7.1\ICQ.exe
TCP: {14905B93-88AF-47ED-A6FA-56D0DD97D8F3} = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\faNatic\Anwendungsdaten\Mozilla\Firefox\Profiles\46bz0f3o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-583907252-1958367476-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1520)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2476)
c:\programme\Logitech\SetPoint\GameHook.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programme\Lavasoft\Ad-Aware\aawservice.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
f:\programme\cFos\spd.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\NetLimiter 2 Pro\nlsvc.exe
c:\programme\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\programme\UPHClean\uphclean.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programme\NetLimiter 2 Pro\NLClient.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\RUNDLL32.EXE
c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
c:\programme\EslWire\dbus-daemon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-19 12:35:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-10-19 10:35
ComboFix2.txt 2010-10-19 07:29
Vor Suchlauf: 1.686.798.336 Bytes frei
Nach Suchlauf: 1.486.172.160 Bytes frei
Current=8 Default=8 Failed=1 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 08855EDFD04749A6F3C1110EA6A8DD40
|
|
19.10.2010, 12:16
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Downloade Dir anschließend bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu ...Anwendungsdaten\Adobe\Manager.exe Fehlermeldung bei Systemstart |
| adobe, andere, angezeigt, brauch, einiger, erklärt, fehler, fehlermeldung, krieg, langsam, malware, malwarebytes, problem, probleme, programm, programme, scan, schei, sorge, startup, systems, systemstart, thema, thread, virenscan |
Linear-Darstellung
