
All about Windows: AdobeUpdate.exe


21.11.2010, 17:04   #1
MoeJoe666
 
Problem: AdobeUpdate.exe



Hey folks,

for a few days now I've been struggling with "AdobeUpdate.exe", which keeps showing up more and more in the process list - the longer the PC runs, the more often this exe appears. That is of course an annoying matter, since sooner or later the processor performance suffers drastically from it.
I've googled a lot but haven't found anything that matches my problem.


Here are the OTL logs:

OTL logfile created on: 21.11.2010 17:44:21 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,76 Gb Total Space | 189,10 Gb Free Space | 40,60% Space Free | Partition Type: NTFS

Computer Name: MOEJOE-QMZWNXHL | User Name: Nargaroth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Adobe\AdobeUpdate.exe ()
PRC - C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\et3ypes.exe ()
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Prio\prio_svc.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\mgking0.dll ()
MOD - C:\WINDOWS\redirsm.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Prio\prio.dll (O&K Software)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (prio_svc) -- C:\Programme\Prio\prio_svc.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (ESLWireAC) -- C:\WINDOWS\system32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (prio) -- C:\WINDOWS\System32\drivers\prio.sys (Xeno)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LGPBTDD) -- C:\WINDOWS\system32\drivers\LGPBTDD.sys (Logitech Inc.)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.12 23:45:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 12:36:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2010.08.24 14:59:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins

[2009.10.28 19:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Extensions
[2010.11.19 19:36:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Firefox\Profiles\l6ano309.default\extensions
[2010.04.27 22:33:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Firefox\Profiles\l6ano309.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.03 18:01:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Firefox\Profiles\l6ano309.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.02 15:50:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Firefox\Profiles\l6ano309.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.26 17:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Firefox\Profiles\l6ano309.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.27 15:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Firefox\Profiles\l6ano309.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.24 14:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Sunbird\Profiles\l8l37lbk.default\extensions
[2010.11.17 11:56:34 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Mozilla\Firefox\Profiles\l6ano309.default\searchplugins\icqplugin.xml
[2010.11.19 19:36:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.07.23 00:58:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 00:58:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 00:58:15 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 00:58:15 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 00:58:15 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.11.01 00:54:29 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe File not found
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [akhdfiusdf.exe] C:\akhdfiusdf.exe\akhdfiusdf.exe ()
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SetPointII.lnk = C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Nargaroth\Startmenü\Programme\Autostart\AdbUpd.lnk = C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Adobe\AdobeUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (prio.dll) - C:\Programme\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.28 17:29:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.11.21 17:44:18 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{48a7bfa3-c6dd-11de-8209-00508dbb4091}\Shell\AutoRun\command - "" = E:\biriprg.exe -- File not found
O33 - MountPoints2\{48a7bfa3-c6dd-11de-8209-00508dbb4091}\Shell\open\Command - "" = E:\biriprg.exe -- File not found
O33 - MountPoints2\{50069463-c56f-11de-8204-00508dbb4091}\Shell\AutoRun\command - "" = E:\kyme.exe -- File not found
O33 - MountPoints2\{50069463-c56f-11de-8204-00508dbb4091}\Shell\open\Command - "" = E:\kyme.exe -- File not found
O33 - MountPoints2\{54536a90-e579-11de-8233-00508dbb4091}\Shell\AutoRun\command - "" = E:\et3ypes.exe -- File not found
O33 - MountPoints2\{54536a90-e579-11de-8233-00508dbb4091}\Shell\open\Command - "" = E:\et3ypes.exe -- File not found
O33 - MountPoints2\{cfa09537-c3e3-11de-9288-806d6172696f}\Shell\AutoRun\command - "" = C:\et3ypes.exe -- [2010.11.16 17:48:28 | 000,177,664 | RHS- | M] ()
O33 - MountPoints2\{cfa09537-c3e3-11de-9288-806d6172696f}\Shell\open\Command - "" = C:\et3ypes.exe -- [2010.11.16 17:48:28 | 000,177,664 | RHS- | M] ()
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\c2e.exe -- File not found
O33 - MountPoints2\C\Shell\open\Command - "" = C:\c2e.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Ctrun\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: jvieInst - (C:\WINDOWS\redirsm.dll) - C:\WINDOWS\redirsm.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.21 16:14:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.11.21 15:48:13 | 000,729,464 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Nargaroth\Desktop\autoruns.exe
[2010.11.09 21:00:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Runes of Magic
[2010.11.09 19:36:50 | 000,000,000 | ---D | C] -- C:\Programme\Runes of Magic
[2010.11.09 15:59:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\FOG Downloader
[2010.11.04 13:21:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Anwendungsdaten\Octoshape
[2010.11.03 18:18:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\EPSON
[2010.10.29 17:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Avira
[2010.10.29 17:36:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.10.29 17:36:54 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.10.29 17:36:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.10.29 17:36:54 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.10.29 17:36:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.10.29 17:36:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.10.26 17:16:39 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.10.26 17:16:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.10.26 17:15:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Anwendungsdaten\AOL
[2010.10.26 17:15:18 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.23 19:29:44 | 000,841,912 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2009.10.28 18:03:51 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.21 17:44:43 | 000,000,061 | RHS- | M] () -- C:\autorun.inf
[2010.11.21 17:44:06 | 000,000,862 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Startmenü\Programme\Autostart\AdbUpd.lnk
[2010.11.21 16:42:53 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\prio.ini
[2010.11.21 16:24:17 | 000,116,224 | RHS- | M] () -- C:\WINDOWS\System32\mgking0.dll
[2010.11.21 16:24:11 | 000,273,363 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.11.21 16:24:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.21 11:48:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.20 23:52:59 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.11.20 23:52:59 | 000,053,948 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.11.20 23:52:59 | 000,053,948 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.11.20 23:52:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.11.20 23:52:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.11.17 18:21:27 | 000,056,832 | -H-- | M] () -- C:\WINDOWS\redirsm.dll
[2010.11.16 19:40:50 | 000,056,832 | -H-- | M] () -- C:\WINDOWS\System32\redirsm.dll
[2010.11.16 19:16:05 | 000,016,881 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\7DC827610C8D2671809F3647B7B0F1B7.pdf
[2010.11.16 17:48:30 | 000,116,224 | RHS- | M] () -- C:\WINDOWS\System32\mgking1.dll
[2010.11.16 17:48:28 | 000,177,664 | RHS- | M] () -- C:\WINDOWS\System32\mgking.exe
[2010.11.16 17:48:28 | 000,177,664 | RHS- | M] () -- C:\et3ypes.exe
[2010.11.14 16:20:20 | 000,200,704 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Desktop\GT5 Carlist v2.xls
[2010.11.14 16:19:58 | 000,064,316 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Desktop\GT5 Carlist v2.xlsx
[2010.11.10 18:19:51 | 000,177,664 | RHS- | M] () -- C:\cbbw88s.exe
[2010.11.10 15:54:07 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.11.09 19:47:54 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Desktop\Runes of Magic.lnk
[2010.11.06 09:57:49 | 000,176,128 | RHS- | M] () -- C:\egmjjb.exe
[2010.11.03 07:52:59 | 000,153,088 | RHS- | M] () -- C:\9keibj.exe
[2010.11.01 16:23:05 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.31 13:09:34 | 000,484,634 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.31 13:09:34 | 000,462,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.31 13:09:34 | 000,079,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.31 13:09:33 | 000,095,480 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.23 19:29:43 | 000,000,621 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ESL Wire.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.21 13:10:51 | 000,000,862 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Startmenü\Programme\Autostart\AdbUpd.lnk
[2010.11.21 12:17:05 | 000,200,704 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Desktop\GT5 Carlist v2.xls
[2010.11.21 12:17:05 | 000,064,316 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Desktop\GT5 Carlist v2.xlsx
[2010.11.17 18:21:27 | 000,056,832 | -H-- | C] () -- C:\WINDOWS\redirsm.dll
[2010.11.16 19:40:50 | 000,056,832 | -H-- | C] () -- C:\WINDOWS\System32\redirsm.dll
[2010.11.16 19:16:34 | 000,016,881 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\7DC827610C8D2671809F3647B7B0F1B7.pdf
[2010.11.16 17:48:56 | 000,177,664 | RHS- | C] () -- C:\et3ypes.exe
[2010.11.16 17:48:30 | 000,116,224 | RHS- | C] () -- C:\WINDOWS\System32\mgking1.dll
[2010.11.14 22:35:06 | 002,236,046 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\TuningGuide.pdf
[2010.11.14 22:35:06 | 001,517,853 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\TuningGuidePart2.pdf
[2010.11.10 18:20:19 | 000,177,664 | RHS- | C] () -- C:\cbbw88s.exe
[2010.11.10 18:19:52 | 000,177,664 | RHS- | C] () -- C:\WINDOWS\System32\mgking.exe
[2010.11.10 18:19:52 | 000,116,224 | RHS- | C] () -- C:\WINDOWS\System32\mgking0.dll
[2010.11.09 19:47:55 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Desktop\Runes of Magic.lnk
[2010.11.06 09:58:18 | 000,176,128 | RHS- | C] () -- C:\egmjjb.exe
[2010.11.03 07:53:28 | 000,153,088 | RHS- | C] () -- C:\9keibj.exe
[2010.09.16 02:02:44 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.07.23 02:31:16 | 000,000,873 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\prio.ini
[2010.06.17 14:25:43 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.03.26 15:41:40 | 000,086,445 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010.03.26 15:41:40 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.03.26 15:18:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2010.03.06 23:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2010.03.06 23:20:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mupkernps11.dll
[2010.02.06 19:32:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2010.02.02 01:20:46 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.12.02 19:42:51 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.11.29 13:06:20 | 000,000,179 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\setup.log
[2009.11.29 13:06:18 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\setup_ldm.iss
[2009.11.02 17:14:08 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.11.02 17:14:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.11.02 17:14:07 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.10.31 01:53:05 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.30 18:09:13 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.28 18:25:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX8400DEFGIPS.ini
[2009.10.28 18:13:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009.10.28 18:11:31 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2009.10.28 18:04:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.10.28 18:02:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2009.10.28 17:50:00 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009.10.28 17:49:58 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009.10.28 17:49:58 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2009.10.28 17:49:58 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009.10.28 17:11:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.27 20:04:44 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009.08.27 20:04:32 | 000,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009.08.27 20:03:52 | 004,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009.08.25 19:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009.08.25 18:38:04 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009.08.25 17:56:56 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.08.25 17:37:02 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.06.02 18:15:44 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009.06.02 18:15:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009.06.02 18:15:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009.06.02 18:14:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009.06.02 18:14:30 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009.06.02 18:13:58 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009.06.02 18:13:50 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009.06.02 18:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009.06.02 18:11:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.01.10 23:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009.01.10 23:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009.01.10 23:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009.01.10 23:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009.01.10 23:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009.01.10 23:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009.01.10 23:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009.01.10 23:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009.01.10 23:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009.01.10 23:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.02.28 06:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006.05.24 06:00:48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005.07.26 22:13:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005.06.07 14:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL

========== LOP Check ==========

[2010.06.17 14:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2009.10.28 18:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.02.05 19:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESL Wire
[2010.10.26 17:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.12.12 16:30:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2010.02.19 23:13:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.06.26 15:12:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.06.25 12:48:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C5DC7790-2578-4D98-812E-B4398BD53877}
[2009.11.01 15:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\com.adobe.ExMan
[2010.06.17 14:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\DAEMON Tools Lite
[2010.07.27 15:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.03 18:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\EPSON
[2010.06.12 01:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Facebook
[2010.11.20 19:07:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\FileZilla
[2010.11.09 15:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\FOG Downloader
[2010.09.27 13:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\HLSW
[2010.11.21 17:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\ICQ
[2010.08.11 16:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\id Software
[2010.03.31 12:18:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Leadertech
[2009.11.07 14:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\MobMapUpdater
[2010.09.27 11:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Notepad++
[2009.11.08 03:30:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Octoshape
[2009.12.12 16:34:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Publish Providers
[2009.12.12 16:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Sony
[2009.12.12 16:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Sony Creative Software
[2009.12.11 19:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Sony Setup
[2009.12.26 18:55:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\TS3Client

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >





OTL Extra-Log:

OTL Extras logfile created on: 21.11.2010 17:44:21 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,76 Gb Total Space | 189,10 Gb Free Space | 40,60% Space Free | Partition Type: NTFS

Computer Name: MOEJOE-QMZWNXHL | User Name: Nargaroth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Programme\Gamers.IRC\mirc.exe" = C:\Programme\Gamers.IRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ -- File not found
"C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Dokumente und Einstellungen\Nargaroth\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\half-life 2 deathmatch\hl2.exe" = C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe" = C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs -- File not found
"C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\source sdk base\hl2.exe" = C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe" = C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Enabled:splintercell3 -- File not found
"C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Downloads\CS_1.6_bots__HLTV\Files to Extract\counter-strike\hltv.exe" = C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Downloads\CS_1.6_bots__HLTV\Files to Extract\counter-strike\hltv.exe:*:Enabled:HLTV Launcher -- File not found
"C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\dedicated server\hltv.exe" = C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\dedicated server\hltv.exe:*:Enabled:HLTV Launcher -- (Valve)
"C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Downloads\gamin16\gamin16\gameunp.exe" = C:\Dokumente und Einstellungen\Nargaroth\Eigene Dateien\Downloads\gamin16\gamin16\gameunp.exe:*:Enabled:gameunp -- ()
"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Programme\EslWire\wire.exe" = C:\Programme\EslWire\wire.exe:*:Enabled:ESL Wire Client -- (Turtle Entertainment GmbH)
"C:\Programme\HLSW\hlsw.exe" = C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application -- (Stripf Software)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam 732897 -- (Valve Corporation)
"C:\Programme\m2ftp\m2ftp.exe" = C:\Programme\m2ftp\m2ftp.exe:*:Enabled:m2ftp -- (mquadr.at software engineering)
"C:\Programme\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Programme\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Programme\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Programme\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\dedicated server\hlds.exe" = C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\dedicated server\hlds.exe:*:Enabled:Dedicated Server -- (Valve)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Runes of Magic\Client.exe" = C:\Programme\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
"C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\blackmetalistkrieg@web.de\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A71E905-8833-45BF-8DA9-5D4558079258}" = Pay-Per-Frag GameClient
"{0B26A979-EC68-4624-A647-98A506CEE048}" = GoGear Mix Device Manager
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{123F407A-BAD1-425F-9C17-334FB6DDC339}" = GoGear Mix Device Manager
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2258EB2F-185C-43A0-BD05-F8717375A70B}" = Vegas Pro 9.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65882AC5-AAA2-40F1-A356-BB1C6833C016}" = m2ftp
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B97935E9-3B73-4D24-88C3-D67AA4284EB6}" = Aequitas File Checker
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Batch Converter" = Advanced Batch Converter
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESL Wire_is1" = ESL Wire 1.8.2
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXCEL" = Microsoft Office Excel 2007
"FileZilla Client" = FileZilla Client 3.3.2
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Gamers.IRC" = Gamers.IRC 5.30
"GCFScape_is1" = GCFScape 1.6.6
"GeoGebra" = GeoGebra
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0
"m2ftp" = m2ftp
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDL ISIS Draw 2.5 Standalone" = MDL ISIS Draw 2.5 Standalone
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuPAD Pro 2.0" = MuPAD Pro 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Prio" = Prio
"Steam App 10" = Counter-Strike
"Steam App 11020" = TrackMania Nations Forever
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 5" = Dedicated Server
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape Streaming Services" = Octoshape Streaming Services
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.11.2010 13:01:19 | Computer Name = MOEJOE-QMZWNXHL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung lcdmovieviewer.exe, Version 3.1.180.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000001.

Error - 19.11.2010 13:40:08 | Computer Name = MOEJOE-QMZWNXHL | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff

Error - 19.11.2010 13:40:36 | Computer Name = MOEJOE-QMZWNXHL | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .

Error - 20.11.2010 05:44:15 | Computer Name = MOEJOE-QMZWNXHL | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff

Error - 21.11.2010 06:49:00 | Computer Name = MOEJOE-QMZWNXHL | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff

Error - 21.11.2010 06:49:31 | Computer Name = MOEJOE-QMZWNXHL | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .

Error - 21.11.2010 07:17:25 | Computer Name = MOEJOE-QMZWNXHL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung lcdmovieviewer.exe, Version 3.1.180.0, fehlgeschlagenes
Modul lcdmovieviewer.exe, Version 3.1.180.0, Fehleradresse 0x00001d17.

Error - 21.11.2010 11:24:29 | Computer Name = MOEJOE-QMZWNXHL | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff

Error - 21.11.2010 11:24:51 | Computer Name = MOEJOE-QMZWNXHL | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .

Error - 21.11.2010 12:40:16 | Computer Name = MOEJOE-QMZWNXHL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung lcdmovieviewer.exe, Version 3.1.180.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000057.

[ OSession Events ]
Error - 21.06.2010 06:56:36 | Computer Name = MOEJOE-QMZWNXHL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1830
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12.11.2010 12:29:32 | Computer Name = MOEJOE-QMZWNXHL | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{66B65AB4-EE77-4CD1-94BF-5632FBA17841} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 18.11.2010 12:00:15 | Computer Name = MOEJOE-QMZWNXHL | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 18.11.2010 12:00:15 | Computer Name = MOEJOE-QMZWNXHL | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 18.11.2010 12:15:15 | Computer Name = MOEJOE-QMZWNXHL | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 30
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 18.11.2010 12:15:15 | Computer Name = MOEJOE-QMZWNXHL | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 18.11.2010 12:45:15 | Computer Name = MOEJOE-QMZWNXHL | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 60
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 18.11.2010 12:45:15 | Computer Name = MOEJOE-QMZWNXHL | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 59 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 19.11.2010 13:05:36 | Computer Name = MOEJOE-QMZWNXHL | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.

Error - 20.11.2010 05:46:44 | Computer Name = MOEJOE-QMZWNXHL | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{66B65AB4-EE77-4CD1-94BF-5632FBA17841} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 20.11.2010 14:00:50 | Computer Name = MOEJOE-QMZWNXHL | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{66B65AB4-EE77-4CD1-94BF-5632FBA17841} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.


< End of report >



Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5163

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21.11.2010 17:58:20
mbam-log-2010-11-21 (17-58-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142620
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 47

Infizierte Speicherprozesse:
C:\et3ypes.exe (Spyware.OnlineGames) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\mgking0.dll (Spyware.OnlineGames) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\akhdfiusdf.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\king_mg (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\akhdfiusdf.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\akhdfiusdf.exe\akhdfiusdf.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\cbbw88s.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\i8gcgmg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\kyme.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\r3x0k.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\cleansweepupd.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log2963531 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3062921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3159515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3257515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3355515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3453515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3551515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3649515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3748921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3845515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log3943531 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4042921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4140921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4238921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4336921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4434921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4532921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4630921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4728921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4826921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log4925515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log5023515 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log5122921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log5220921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log5318921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log5418921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\akhdfiusdf.exe\err.log5516921 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\et3ypes.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Nargaroth\Startmenü\Programme\Autostart\AdbUpd.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\9keibj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgking0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mgking1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgking.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Temp\0.48329245068875704.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Temp\mgking0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Temp\mgking1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Nargaroth\Lokale Einstellungen\Temp\mgking.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\egmjjb.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.


I hope I have followed all the rules.

Regards, MoeJoe

21.11.2010, 18:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from earlier Malwarebytes scans exist, please post all of those as well!

21.11.2010, 19:03   #3
MoeJoe666
 

Thanks,

it looks like the problem has been resolved after the Malwarebytes run. It was apparently due to the trojan-infected files, which I had not known about until now.
If the problem occurs again in the future, I will report back here with a full scan.

Regards, MoeJoe