Trojaner-Board


ispott 17.07.2008 06:42

multiple problems (searching for the cause)
 
[edit]
In future, please edit your links as shown, among other places, here:
http://www.trojaner-board.de/22771-a...tml#post171958

Thanks
GUA
[/edit]

Silent sharK 17.07.2008 07:28

Hello,
next time please note down the error code of the bluescreen; to do that, you can also disable the automatic restart.

Otherwise, please do the following:

Deckard's System Scanner (DSS)

The tool is available here -> dss.exe

* Close all applications
* Double-click dss.exe to start the program
* When the scan has finished, a Notepad window will open with the contents
of main.txt.
Another log file, extra.txt, is located at
c:\Deckard\SystemScanner\extra.txt
* Copy the contents of both log files into this thread, please as ['CODE]TEXT['/CODE]


What Deckard's System Scanner does:

* It creates a System Restore point
* It cleans the temporary files, Downloaded Program Files and Internet
cache files, and it empties the Recycle Bin on all drives.

ispott 17.07.2008 17:33

Hi!

Sooo, here we've got the logs:

main.txt part 1
Code:

Deckard's System Scanner v20071014.68
Run by poleff on 2008-07-17 18:26:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-17 16:26:16 UTC - RP52 - Deckard's System Scanner Restore Point
1: 2008-07-17 08:06:22 UTC - RP51 - DirectX wurde installiert


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.11 GiB (less than 15%) free.


-- HijackThis (run as poleff.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:05, on 17.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Programme\HDD Health\hddhealth.exe
C:\Programme\GetRight\GetRight.exe
C:\Downloads\dss.exe
D:\Programme\ICQ\Icq.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\poleff.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ] D:\Programme\ICQ\Icq.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programme\ICQ\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214333912812
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

--
End of file - 4216 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 si3112r (Silicon Image SiI 3112 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; SATARaid>
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>
R0 SiWinAcc - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce MCP Networking Adapter
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce MCP Networking Adapter #2
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&13C0B0C5&0&20
Service: NVENET

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394-Netzwerkadapter
Device ID: V1394\NIC1394\400280E01800
Manufacturer: Microsoft
Name: 1394-Netzwerkadapter
PNP Device ID: V1394\NIC1394\400280E01800
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-07-08 01:09:06      276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-17 10:04:27        0 d-------- C:\WINDOWS\Logs
2008-07-17 09:55:34        0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-17 09:52:13        0 d-------- C:\Programme\Gemeinsame Dateien\ATI Technologies
2008-07-17 09:50:52    593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-17 09:50:50    307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-17 09:50:48    368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-17 09:50:47    887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-17 09:50:46  3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-17 09:50:45  3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-17 09:50:45    165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-17 09:36:57        0 d-------- C:\Programme\ATI Technologies
2008-07-17 09:22:42        0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-17 07:11:59        0 d-------- C:\Downloads
2008-07-16 22:28:48        0 d-------- C:\Programme\Gemeinsame Dateien\ACD Systems
2008-07-15 18:44:23        0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-15 18:43:08        0 d-------- C:\Programme\FRISK Software
2008-07-09 05:28:17        0 d-------- C:\WINDOWS\uninstall
2008-07-07 20:33:27        0 d-------- C:\Programme\Winamp
2008-07-05 21:24:38        0 d-------- C:\WINDOWS\Sun
2008-07-05 21:23:40        0 d-------- C:\Programme\Java
2008-07-05 21:23:21        0 d-------- C:\Programme\Gemeinsame Dateien\Java
2008-07-02 23:25:26        0 d-------- C:\Programme\Veoh Networks
2008-07-02 23:25:07        0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-02 00:02:03        8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-28 21:40:18        0 d-------- C:\Programme\GetRight
2008-06-28 20:25:56        0 d--h----- C:\WINDOWS\PIF
2008-06-26 11:38:19        0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-25 12:46:13        0 d-------- C:\Programme\DAEMON Tools Lite
2008-06-25 12:43:42        0 d-------- C:\WINDOWS\Prefetch
2008-06-25 12:39:21  1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-06-25 12:39:21  3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-06-25 12:39:21    272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-06-25 12:39:21    503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-06-25 12:39:18        0 d-------- C:\WINDOWS\system32\de-de
2008-06-25 12:39:17        0 d-------- C:\WINDOWS\provisioning
2008-06-25 12:39:16        0 d-------- C:\WINDOWS\system32\de
2008-06-25 12:39:16        0 d-------- C:\WINDOWS\peernet
2008-06-25 12:39:16        0 d-------- C:\WINDOWS\l2schemas
2008-06-25 12:38:04        0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-25 12:36:50        0 d-------- C:\WINDOWS\network diagnostic
2008-06-25 12:36:48  2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-06-25 12:35:07        0 d-------- C:\WINDOWS\EHome
2008-06-24 22:01:32    717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 21:00:42        0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-24 21:00:39        0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-24 21:00:22        0 d-------- C:\WINDOWS\system32\bits
2008-06-24 20:58:36        0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-24 20:18:47        0 d--hs---- C:\WINDOWS\ftpcache
2008-06-24 20:17:16        0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-24 20:16:53    80896 --a------ C:\WINDOWS\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-06-24 19:59:22        0 d-------- C:\WINDOWS\nvidia icons
2008-06-23 02:50:07        0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-06-23 02:30:31        0 d-------- C:\WINDOWS\nview
2008-06-23 02:07:42      552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-22 23:16:03      9600 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>
2008-06-22 23:15:49    85333 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys <Not Verified; Silicon Image, Inc; SATARaid>
2008-06-22 22:35:07        0 d-------- C:\WINDOWS\OemDir
2008-06-22 22:35:04        0 d-------- C:\WINDOWS
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\WinSxS
2008-06-22 22:35:04        0 dr------- C:\WINDOWS\Web
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\twain_32
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\wins
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\wbem
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\usmt
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\spool
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\Setup
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\ras
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\oobe
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\npp
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\mui
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\IME
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\icsxml
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\ias
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\export
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\drivers
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-22 22:35:04        0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\dhcp
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\config
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\3076
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\2052
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1054
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1042
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1041
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1037
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1033
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1031
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1028
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system32\1025
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\system
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\security
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Resources
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\repair
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\mui
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\msapps
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\msagent
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Media
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\java
2008-06-22 22:35:04        0 d--h----- C:\WINDOWS\inf
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\ime
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Help
2008-06-22 22:35:04        0 dr--s---- C:\WINDOWS\Fonts
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Driver Cache
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Debug
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Cursors
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Connection Wizard
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\Config
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\AppPatch
2008-06-22 22:35:04        0 d-------- C:\WINDOWS\addins
2008-06-22 22:18:26        24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000002-80271102}.dat
2008-06-22 22:18:26        24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000002-80271102}.dat
2008-06-22 22:14:03        0 d-------- C:\WINDOWS\pss
2008-06-22 22:08:20  1048576 -----n--- C:\WINDOWS\system32\SFMAN.DAT
2008-06-22 22:08:20    26768 -----n--- C:\WINDOWS\system32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-06-22 22:08:20    53552 -----n--- C:\WINDOWS\CTCCW.DLL <Not Verified; Creative® Technology Ltd.; Custom Control for Windows>
2008-06-22 22:08:19        0 d-------- C:\WINDOWS\system32\Defaults
2008-06-22 22:08:05    270336 --a------ C:\WINDOWS\system32\SFMS32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:05    36864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2008-06-22 22:08:05    110592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL <Not Verified; Creative Technology Ltd; E-mu PIA>
2008-06-22 22:08:05    49152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2008-06-22 22:08:05    77824 --a------ C:\WINDOWS\system32\EAXAC3.DLL <Not Verified; Creative Labs; EAX-AC3 DLL>
2008-06-22 22:08:05        0 d-------- C:\WINDOWS\system32\Data
2008-06-22 22:08:05    184320 --a------ C:\WINDOWS\PSCONV.EXE
2008-06-22 22:08:05    61440 --a------ C:\WINDOWS\MIDIDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:05    94208 --a------ C:\WINDOWS\DEVREG.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:05    49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Technology Ltd CTDCRES>
2008-06-22 22:08:04    28672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL <Not Verified; Creative Technology Ltd; CtSpkHlp Dynamic Link Library>
2008-06-22 22:08:04    643072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:04    155648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:04    24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
2008-06-22 22:08:04    36864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:04    106496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:04    319488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:04    106496 --a------ C:\WINDOWS\system32\CTASIO.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:04    61440 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent>
2008-06-22 22:08:04    110592 --a------ C:\WINDOWS\system32\COMMONFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:08:04    53248 --a------ C:\WINDOWS\system32\AC3API.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-22 22:07:36        0 d-------- C:\Programme\Creative
2008-06-22 22:03:55        0 d-------- C:\Programme\Silicon Image
2008-06-22 22:03:55        0 d--h----- C:\Programme\InstallShield Installation Information
2008-06-22 22:03:32        0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-22 22:03:27        0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-06-22 21:59:05        0 --a------ C:\WINDOWS\nsreg.dat
2008-06-22 21:53:49        0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-22 21:46:16        0 d-------- C:\Programme\Gemeinsame Dateien\ODBC
2008-06-22 21:46:13        0 d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2008-06-22 21:46:12        0 dr------- C:\Programme
2008-06-22 21:46:12        0 d-------- C:\Programme\Gemeinsame Dateien
2008-06-22 21:45:46        0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-22 21:45:46        0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-22 21:45:28        0 d-------- C:\Dokumente und Einstellungen
2008-06-22 20:59:01        0 d--hs---- C:\WINDOWS\Installer
2008-06-22 20:58:25        0 d--hs---- C:\System Volume Information
2008-06-22 20:53:11        0 d-------- C:\WINDOWS\system32\xircom
2008-06-22 20:53:11        0 d-------- C:\Programme\microsoft frontpage
2008-06-22 20:52:57        0 -rahs---- C:\MSDOS.SYS
2008-06-22 20:52:57        0 -rahs---- C:\IO.SYS
2008-06-22 20:52:57        0 --a------ C:\CONFIG.SYS
2008-06-22 20:52:57        0 --a------ C:\AUTOEXEC.BAT
2008-06-22 20:52:11        0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-22 20:52:11        0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-22 20:52:03        0 d-------- C:\Programme\Online-Dienste
2008-06-22 20:51:51        0 d-------- C:\WINDOWS\system32\DirectX
2008-06-22 20:51:20        0 d-------- C:\Programme\Gemeinsame Dateien\Dienste
2008-06-22 20:51:16        0 d---s---- C:\WINDOWS\Tasks
2008-06-22 20:51:14        0 d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2008-06-22 20:51:07        0 d-------- C:\WINDOWS\srchasst
2008-06-22 20:51:06        0 d-------- C:\WINDOWS\system32\Macromed
2008-06-22 20:51:05        0 d-------- C:\Programme\Movie Maker
2008-06-22 20:51:02        0 d-------- C:\WINDOWS\system32\Restore
2008-06-22 20:51:02        0 d-------- C:\WINDOWS\PCHealth
2008-06-22 20:50:35    21740 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-22 20:50:32        0 d-------- C:\WINDOWS\Registration
2008-06-22 20:50:29        0 d--h----- C:\Programme\WindowsUpdate
2008-06-22 20:50:29        0 d-------- C:\Programme\Online Services
2008-06-22 20:50:26        0 d-------- C:\Programme\Messenger
2008-06-22 20:50:22        0 d-------- C:\Programme\MSN Gaming Zone
2008-06-22 20:49:57        0 d-------- C:\Programme\Windows NT
2008-06-22 20:49:56    40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®>
2008-06-22 20:49:55        0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-22 20:49:55        0 d-------- C:\WINDOWS\system32\Com


ispott 17.07.2008 17:34

main.txt part 2
Code:

-- Find3M Report ---------------------------------------------------------------

2008-07-17 10:02:54        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\ATI
2008-07-17 09:36:08    405118 --a------ C:\WINDOWS\system32\perfh007.dat
2008-07-17 09:36:08    70580 --a------ C:\WINDOWS\system32\perfc007.dat
2008-07-17 06:58:55        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\FRISK Software
2008-07-16 22:30:00        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\ACD Systems
2008-07-16 19:12:55        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Talkback
2008-07-16 19:12:48        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Mozilla
2008-07-16 19:12:46        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Thunderbird
2008-07-15 20:25:08        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\InstallShield
2008-07-13 00:42:31        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Command & Conquer 3 Kanes Rache
2008-07-10 23:03:15        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\PersBackup
2008-07-08 03:21:10        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Apple Computer
2008-07-06 17:40:53        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\teamspeak2
2008-07-05 21:24:38        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Sun
2008-07-03 00:08:27        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\DivX
2008-07-02 00:05:41        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\CyberLink
2008-06-28 22:00:14        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\GetRight
2008-06-25 19:11:35        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
2008-06-25 12:44:57        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\DAEMON Tools
2008-06-24 21:04:17        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\WinRAR
2008-06-23 23:36:58        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\vlc
2008-06-23 08:15:48        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Macromedia
2008-06-23 08:15:48        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Adobe
2008-06-22 21:45:59        62 --ahs---- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\desktop.ini
2008-06-22 20:58:59        0 d-------- C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Identities
2008-06-11 02:07:20  3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:03:26    196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26    81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20    802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20    823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20    815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20    823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18    683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 00:18:54    12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-PROT Antivirus Tray application"="C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [21.04.2008 15:25]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21.01.2008 12:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Programme\DAEMON Tools Lite\daemon.exe" [01.04.2008 11:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ"=D:\Programme\ICQ\Icq.exe -trayboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARaid.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SATARaid.lnk
backup=C:\WINDOWS\pss\SATARaid.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
D:\Programme\ICQ\NDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
sstray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Programme\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs        eaphost
dot3svc        dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-17 18:28:40 ------------


ispott 17.07.2008 17:36

extra.txt

Code:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) XP 3200+
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2047.48 MiB / 1602.79 MiB
Pagefile Memory (total/avail): 3432.87 MiB / 3137.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.85 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 6.83 GiB total, 0.11 GiB free.
D: is Fixed (NTFS) - 224.61 GiB total, 18.74 GiB free.
E: is Fixed (NTFS) - 234.31 GiB total, 4.93 GiB free.
F: is Fixed (NTFS) - 270.45 GiB total, 26.87 GiB free.
G: is Fixed (NTFS) - 195.31 GiB total, 119.24 GiB free.
H: is CDROM (CDFS)
I: is CDROM (No Media)
J: is Removable (FAT)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ SCSI Disk Device - 465.76 GiB - 3 partitions
  \PARTITION0 (bootable) - Installierbares Dateisystem - 6.83 GiB - C:
  \PARTITION1 - Erweitert mit Int 13 (erweitert) - 458.92 GiB - D: - E:

\\.\PHYSICALDRIVE1 - SAMSUNG HD501LJ SCSI Disk Device - 465.76 GiB - 2 partitions
  \PARTITION0 - Installierbares Dateisystem - 270.45 GiB - F:
  \PARTITION1 - Installierbares Dateisystem - 195.31 GiB - G:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device - 486.34 MiB - 1 partition
  \PARTITION0 (bootable) - MS-DOS V4 Huge - 488.22 MiB - J:

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\poleff\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=WOLF2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\poleff
LOGONSERVER=\\WOLF2
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Dokumente und Einstellungen\poleff\Anwendungsdaten\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Programme\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Programme\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\Programme\QuickTime\QTSystem\;C:\Programme\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip
SAN_DIR=D:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\poleff\LOKALE~1\Temp
TMP=C:\DOKUME~1\poleff\LOKALE~1\Temp
USERDOMAIN=WOLF2
USERNAME=poleff
USERPROFILE=C:\Dokumente und Einstellungen\poleff
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

poleff (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Programme\InstallShield Installation Information\{A8200008-BE06-4C26-BB8D-717FE18F74B7}\setup.exe" -runfromtemp -l0x0007 -removeonly
 --> C:\Programme\Creative\SBLive\Program\Ctzapxx.EXE /X /U /S
 --> D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9  /remove
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 10 Foto-Manager --> MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Dienstprogramm zur Deinstallation der Software --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer 3 Tiberium Wars(TM) Worldbuilder --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F428768A-BA63-43A5-86E9-7F0CFD174944}\setup.exe" -l0x9  -removeonly
Command & Conquer™ 3: Kanes Rache --> MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte) --> "C:\Programme\InstallShield Installation Information\{A8200008-BE06-4C26-BB8D-717FE18F74B7}\setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Codec --> D:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
F-PROT Antivirus for Windows --> MsiExec.exe /I{E58B329B-FB28-4874-90DE-0D7CB2709267}
FLV Player 2.0, build 24 --> D:\Programme\FLV Player\uninst.exe
GetRight --> "C:\Programme\GetRight\unins000.exe"
HDD Health v3.2 Beta --> "D:\Programme\HDD Health\unins000.exe"
HijackThis 2.0.2 --> "D:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ --> D:\PROGRA~1\ICQ\ICQUninstall.EXE
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> D:\Programme\Mozilla Thunderbird\uninstall\helper.exe
NVIDIA nForce Treiber für Windows 2000/XP --> rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
Personal Backup 4.1 --> "C:\Programme\Personal Backup 4\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
SATARaid --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{91649626-E343-11D5-BCEF-005004748D87}\Setup.exe" -l0x9
SiSoftware Sandra Lite XII.SP2c --> "D:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\unins000.exe"
Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
TimeShift --> C:\Programme\InstallShield Installation Information\{1367FA2F-2B3D-430F-872F-588B93420BFC}\setup.exe -runfromtemp -l0x0007 -removeonly
Turbo Lister 2 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
VeohTV BETA --> C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Winamp (remove only) --> "D:\Programme\Winamp\UninstWA.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR --> C:\Programme\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type399 / Error
Event Submitted/Written: 07/17/2008 06:20:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Das medienspezifische Ereignis für [drwtsn32.exe!ws!] wird verarbeitet.

Event Record #/Type398 / Error
Event Submitted/Written: 07/17/2008 06:20:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5512, Fehleradresse 0x00010c9d.
Das medienspezifische Ereignis für [explorer.exe!ws!] wird verarbeitet.

Event Record #/Type393 / Success
Event Submitted/Written: 07/17/2008 10:30:12 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Event Record #/Type391 / Success
Event Submitted/Written: 07/17/2008 10:30:10 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Event Record #/Type389 / Success
Event Submitted/Written: 07/17/2008 10:30:10 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1767 / Error
Event Submitted/Written: 07/17/2008 10:43:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "SiSoftware Deployment Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Event Record #/Type1757 / Error
Event Submitted/Written: 07/17/2008 10:43:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "SiSoftware Deployment Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Event Record #/Type1731 / Error
Event Submitted/Written: 07/17/2008 09:57:43 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type1613 / Error
Event Submitted/Written: 07/17/2008 09:20:58 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "SiSoftware Deployment Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Event Record #/Type1612 / Error
Event Submitted/Written: 07/17/2008 09:20:08 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-07-17 18:28:40 ------------



All times are WET +1.
