Explorer.exe has encountered a problem...

#0
13.08.2008, 03:46
...new here

Posts: 3
#1 Hello,
I'm brand new and already pestering you with a problem.
As it already says above, my explorer.exe keeps crashing. It's not the "bug" with the view for videos.

I've already tried a few things, but nothing really wanted to work.
Hopefully you can help me with this.

Here is my Hijack log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:42:43, on 13.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Rainlendar2\Rainlendar2.exe
C:\DOKUME~1\Fipsi\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Microsoft SQL Server\MSSQL$MESONIC\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Programme\Hijack This\hijackthis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Verknüpfung mit Rainlendar2e.exe.lnk = C:\Programme\Rainlendar2\Rainlendar2e.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3914 bytes


Kind regards
Fipsi18
13.08.2008, 13:03
Honorary member
Sabina

Posts: 29434
#2 Hello, Fipsi18
try running Comboscan + post the 2 logs that it creates here
http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina

all about PC security
13.08.2008, 13:47
...new here

Thread starter

Posts: 3
#3 main.txt

Deckard's System Scanner v20071014.68
Run by Fipsi on 2008-08-13 13:31:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-08-13 11:31:20 UTC - RP184 - Deckard's System Scanner Restore Point
31: 2008-08-13 01:51:29 UTC - RP183 - Cooktop 2.5 wird entfernt
30: 2008-08-13 01:25:52 UTC - RP182 - Removed WMHelp XmlPad
29: 2008-08-13 01:22:26 UTC - RP181 - iTunes wird entfernt
28: 2008-08-13 01:19:20 UTC - RP180 - Desktop Genius wird entfernt


-- First Restore Point --
1: 2008-08-07 15:01:05 UTC - RP153 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Fipsi.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:35, on 13.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Rainlendar2\Rainlendar2.exe
C:\DOKUME~1\Fipsi\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Microsoft SQL Server\MSSQL$MESONIC\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ThunderbirdPortable\ThunderbirdPortable.exe
C:\Programme\ThunderbirdPortable\App\Thunderbird\Thunderbird.exe
C:\Programme\Miranda IM\miranda32.exe
C:\Programme\Eudemons Online\soul.exe
C:\Dokumente und Einstellungen\Fipsi\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Fipsi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Verknüpfung mit Rainlendar2e.exe.lnk = C:\Programme\Rainlendar2\Rainlendar2e.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 5198 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080813-025625-311 O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
backup-20080813-030023-321 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (file missing)
backup-20080813-030023-407 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
backup-20080813-030948-107 O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
backup-20080813-030948-622 O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
backup-20080813-030948-818 O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
backup-20080813-030948-835 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
backup-20080813-031100-173 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080813-031100-254 O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Programme\Altova\XMLSpy2008\spy.htm
backup-20080813-031100-261 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
backup-20080813-031100-275 O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080813-031100-328 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
backup-20080813-031100-393 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080813-031100-423 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080813-031100-442 O8 - Extra context menu item: Open with XmlPad - res://C:\Programme\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
backup-20080813-031100-532 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
backup-20080813-031100-570 O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSpy2008\spy.htm
backup-20080813-031100-628 O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080813-031100-645 O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSpy2008\spy.htm
backup-20080813-031100-670 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20080813-031100-758 O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20080813-031100-805 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080813-031100-892 O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
backup-20080813-031100-918 O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080813-031100-923 O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
backup-20080813-031100-930 O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
backup-20080813-031101-222 O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Programme\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
backup-20080813-031101-446 O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
backup-20080813-032831-521 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
backup-20080813-032853-395 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20080813-033416-266 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080813-033416-675 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
backup-20080813-033416-870 O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
backup-20080813-033416-902 O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
backup-20080813-033434-603 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
backup-20080813-033434-802 O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
backup-20080813-033441-471 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
backup-20080813-033502-381 O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
backup-20080813-033717-503 O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
backup-20080813-033717-724 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
backup-20080813-035213-559 O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]
[COLOR=red].js - jsfile - DefaultIcon - "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7[/COLOR]
[COLOR=red].js - jsfile - shell\open\command - "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
R2 XAudio - c:\windows\system32\drivers\xaudio.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSF_DPV - c:\windows\system32\drivers\hsx_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSXHWAZL - c:\windows\system32\drivers\hsxhwazl.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsx_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 PORTMON - d:\downloads\portmsys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Bonjour Service (Bonjour-Dienst) - c:\programme\bonjour\mdnsresponder.exe <Not Verified; Apple Inc.; Bonjour>

S2 XAudioService - c:\windows\system32\drivers\xaudio.exe <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
S4 FLEXnet Licensing Service - "c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NBService - c:\programme\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\WEC1023\4&2FFE84EA&0
Manufacturer:
Name:
PNP Device ID: ACPI\WEC1023\4&2FFE84EA&0
Service:


-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-13 02:51:43 0 d-------- C:\Programme\Hijack This
2008-08-12 23:51:44 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-12 23:51:44 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-12 23:51:44 0 d-------- C:\Programme\Xvid
2008-08-12 23:02:59 0 d-------- C:\Programme\Security Task Manager
2008-08-12 22:39:41 0 d-------- C:\Programme\Gemeinsame Dateien\ArcSoft
2008-08-12 22:39:41 0 d-------- C:\Programme\ArcSoft
2008-08-12 22:39:14 0 d-------- C:\Programme\Philips
2008-08-08 01:47:28 0 d-------- C:\Dokumente und Einstellungen\Fipsi\.rainlendar2
2008-08-08 01:47:18 0 d-------- C:\Programme\Rainlendar2
2008-08-01 21:59:24 0 d-------- C:\Programme\Miranda IM 3
2008-08-01 13:17:18 0 d-------- C:\Programme\DAEMON Tools Lite
2008-08-01 12:50:33 0 d-------- C:\Programme\Drakensang
2008-07-17 15:54:37 548 --ah----- C:\os539959.bin
2008-07-17 15:53:58 0 d-------- C:\Programme\TI Education
2008-07-17 15:53:57 0 d-------- C:\WINDOWS\Vbox
2008-07-16 21:43:28 0 d--hs---- C:\WINDOWS\ftpcache


-- Find3M Report ---------------------------------------------------------------

2008-08-13 13:25:53 0 d-------- C:\Programme\Mozilla Firefox 3 Beta 5
2008-08-13 10:46:58 429664 --a------ C:\WINDOWS\system32\perfh007.dat
2008-08-13 10:46:58 80372 --a------ C:\WINDOWS\system32\perfc007.dat
2008-08-13 03:51:31 0 d-------- C:\Programme\Cooktop 2.5
2008-08-13 03:26:53 0 d-------- C:\Programme\XMLPro2
2008-08-13 03:21:58 0 d-------- C:\Programme\Fishdom
2008-08-13 03:18:22 0 d-------- C:\Programme\Bonjour
2008-08-13 03:16:34 0 d-------- C:\Programme\Gemeinsame Dateien
2008-08-13 03:09:51 0 d-------- C:\Programme\FlashGet
2008-08-12 23:45:44 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\ArcSoft
2008-08-12 23:05:56 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\Help
2008-08-12 22:39:40 0 d--h----- C:\Programme\InstallShield Installation Information
2008-08-09 00:16:03 0 d-------- C:\Programme\Eudemons Online
2008-08-07 22:23:07 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\InstallShield
2008-08-01 21:58:53 0 d-------- C:\Programme\Miranda IM 2
2008-08-01 21:30:34 0 d-------- C:\Programme\Miranda IM
2008-07-25 12:27:13 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\Games
2008-07-25 12:23:58 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-07-24 18:34:52 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\FileZilla
2008-07-23 00:24:56 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\Ahead
2008-07-12 18:05:35 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\Miranda
2008-07-10 16:18:10 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\Playrix Entertainment
2008-07-10 15:48:07 0 d-------- C:\Programme\Pcsx2_0.9.4
2008-07-07 03:07:52 0 d-------- C:\Programme\ViennaSoft
2008-07-03 23:57:22 0 d-------- C:\Dokumente und Einstellungen\Fipsi\Anwendungsdaten\Adobe
2008-07-03 23:30:21 0 d-------- C:\Programme\FileZilla FTP Client
2008-06-26 02:24:00 1101824 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-06-26 02:24:00 1724416 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-06-26 02:24:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-06-26 02:24:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-06-26 02:24:00 1503232 --a------ C:\WINDOWS\system32\nview.dll
2008-06-25 17:12:54 0 d-------- C:\Programme\QuickTime
2008-06-18 11:51:39 0 d-------- C:\Programme\ProxyFirewall
2008-06-13 00:20:25 0 d-------- C:\Programme\AutoIt3
2008-06-01 18:34:35 532480 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Ingenieurbüro Richter Germany, Beethovenstrasse 23, 72175 Dornhan, eMail Ingeniuerbuero_Richter@gmx.de, www.ingb-richter.de; CALCULATOR Pro>
2008-06-01 18:34:34 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic für Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [19.09.2007 18:14 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 18:43 C:\WINDOWS\Alcmtr.exe]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [04.05.2007 12:23]
"@"="" []
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [17.07.2008 19:19]
"ArcSoft Connection Service"="C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [17.04.2008 14:14]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [26.06.2008 02:24]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [26.06.2008 02:24]
"nwiz"="nwiz.exe" [26.06.2008 02:24 C:\WINDOWS\system32\nwiz.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 07:52]
"DAEMON Tools Lite"="C:\Programme\DAEMON Tools Lite\daemon.exe" [24.07.2008 17:02]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Dokumente und Einstellungen\Fipsi\Startmenü\Programme\Autostart\
Verknüpfung mit Rainlendar2e.exe.lnk - C:\Programme\Rainlendar2\Rainlendar2e.exe [12.07.2008 14:30:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Service Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Duden Korrektor SysTray]
C:\Programme\Duden\Duden Korrektor\dktray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Programme\FlashGet\FlashGet.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
C:\Programme\Rainlendar2\Rainlendar2e.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02df5473-2a87-11dd-b6f3-001b244ca1b8}]
Auto\command- G:\UFO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02df5475-2a87-11dd-b6f3-001b244ca1b8}]
Auto\command- I:\UFO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02df5479-2a87-11dd-b6f3-001b244ca1b8}]
Auto\command- G:\UFO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{057c6c66-1b59-11dd-a401-001b244ca1b8}]
AutoRun\command- G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22b1df86-1036-11dd-a3d6-001b244ca1b8}]
Auto\command- UFO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27cebf8e-1680-11dd-a3f0-001b244ca1b8}]
AutoRun\command- G:\autoplay.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95651c1c-5fbb-11dd-b771-001b244ca1b8}]
AutoRun\command- F:\StartUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f296ff78-0f70-11dd-a3d4-001b244ca1b8}]
AutoRun\command- G:\WD_Windows_Tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-08-13 13:33:02 ------------



===============================================
===============================================



extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: German

CPU 0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2046.36 MiB / 1307.78 MiB
Pagefile Memory (total/avail): 3941.59 MiB / 3312.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.36 MiB

C: is Fixed (NTFS) - 50 GiB total, 9.6 GiB free.
D: is Fixed (NTFS) - 99.04 GiB total, 1.97 GiB free.
E: is CDROM (CDFS)
F: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 50 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 99.04 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- User Profiles ---------------------------------------------------------------

Fipsi (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Programme\BZEdit1.6.5\uninstall.exe"
--> C:\Programme\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
Acer OrbiCam --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\Setup.exe" -l0x7
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Programme\Gemeinsame Dateien\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Contribute CS3 --> MsiExec.exe /I{FF3E2850-BD2E-4B56-A89D-21E588D518E0}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD}
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen --> C:\Programme\Gemeinsame Dateien\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{C9D456FD-C25B-49DE-AA71-6B76D6550B23}
Adobe Flash CS3 --> MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
ArcSoft MediaConverter 2.5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}\Setup.exe" -l0x7
AutoIt v3.2.10.0 --> C:\Programme\AutoIt3\Uninstall.exe
Avira AntiVir Personal - Free Antivirus --> C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitLord 1.1 --> C:\Programme\BitLord\uninst.exe
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Calculator Pro --> C:\WINDOWS\st6unst.exe -n "C:\Programme\Calculator Pro\gb40Unst.LOG"
ColorPic --> C:\WINDOWS\ColorPic Uninstaller.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dia (nur entfernen) --> C:\Programme\Dia\dia-0.96.1-7-uninstall.exe
DisSharp --> MsiExec.exe /I{58344DA3-BE43-4B4F-8BF7-7DE69A9CBB77}
Dracula Origin --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{35A0C956-ACF1-41AB-89DE-1772C8A27ACB}\setup.exe" -l0x7 -removeonly
Drakensang --> "C:\Programme\Drakensang\unins000.exe"
Duden Korrektor 3.51 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{81C6E6C3-7400-43AB-876D-5CADDE28D207}
Eudemons Online --> C:\Programme\InstallShield Installation Information\{2B4A545A-DF30-4FC9-B56E-EB7DAFA70792}\setup.exe -runfromtemp -l0x0009 -removeonly
FileZilla Client 3.0.11 --> C:\Programme\FileZilla FTP Client\uninstall.exe
FlashGet 1.9.6.1073 --> C:\Programme\FlashGet\uninst.exe
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HI-TECH PICC-Lite V9.60PL1 --> "C:\Programme\HI-TECH Software\PICC\LITE\9.60\resources\setup.exe" --remove
Hijack This 2.0.2 --> "C:\Programme\Hijack This\unins000.exe"
HijackThis 2.0.2 --> "C:\Programme\Hijack This\HijackThis.exe" /uninstall
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Last.fm 1.5.1.30182 --> "C:\Programme\Last.fm\unins000.exe"
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (MESONIC) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft XNA Framework Redistributable 2.0 --> MsiExec.exe /I{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}
Miranda IM 0.7.8 --> C:\Programme\Miranda IM 3\Uninstall.exe
Mozilla Firefox (3.0.1) --> C:\Programme\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16) --> C:\Programme\ThunderbirdPortable\App\thunderbird\uninstall\helper.exe
MPLAB Tools v8.00 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{22365774-A8A2-4016-99DA-4C486DA137ED}
MPLAB Tools v8.10 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{5E9EA5FD-DFD9-44C7-8301-00E371A6D8E1}
MyEntunnel (remove only) --> "C:\Programme\myentunnel\uninst.exe"
Nero 7 Ultra Edition --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301031}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x7 -removeonly
Oblivion User Patch --> "C:\Programme\Oblivion\unins000.exe"
Oblivion User Patch --> "C:\Programme\Oblivion\unins001.exe"
Packet Tracer 4.11 --> "C:\Programme\Packet Tracer 4.11\unins000.exe"
Pcsx2 0.9.4 Watermoose --> "C:\Programme\Pcsx2_0.9.4\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator --> C:\Programme\PDFCreator\unins000.exe
Perfect FTP --> MsiExec.exe /X{42A74897-DE10-11D5-AB0D-000374890932}
PICkit 2 v2.40 --> MsiExec.exe /I{FF799F69-DC18-4E6D-AA27-CB6B0795FE94}
ProxyFirewall 1.0.4 Beta --> "C:\Programme\ProxyFirewall\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rainlendar2 (remove only) --> "C:\Programme\Rainlendar2\uninst.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x7 anything
SA32xx Device Manager --> C:\Programme\InstallShield Installation Information\{7CDC26F7-D6BF-442A-B599-0075A48310F7}\setup.exe -runfromtemp -l0x0007 -removeonly
Security Task Manager 1.7f --> C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2FA085C7-5715-486B-8330-4F85DF4BE682}\setup.exe" -l0x9 -removeonly
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tinypic 3.13 --> "C:\Programme\Tinypic\unins000.exe"
TortoiseSVN 1.4.8.12137 (32 bit) --> MsiExec.exe /X{1E010E57-0453-4A84-A899-47EEA104661C}
Uninstall 1.0.0.0 --> "C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6f --> C:\Programme\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Programme\Winamp\UninstWA.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR --> C:\Programme\WinRAR\uninstall.exe
XAMPP 1.6.6a --> "c:\xampp\uninstall.exe"
Xvid 1.1.3 final uninstall --> "C:\Programme\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2181 / Warning
Event Submitted/Written: 08/13/2008 10:42:56 AM
Event ID/Source: 19011 / MSSQL$MESONIC
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type2174 / Error
Event Submitted/Written: 08/13/2008 03:51:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5512, Fehleradresse 0x00010193.
Das medienspezifische Ereignis für [explorer.exe!ws!] wird verarbeitet.

Event Record #/Type2170 / Error
Event Submitted/Written: 08/13/2008 03:36:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul comctl32.dll, Version 6.0.2900.5512, Fehleradresse 0x00043770.
Das medienspezifische Ereignis für [explorer.exe!ws!] wird verarbeitet.

Event Record #/Type2168 / Warning
Event Submitted/Written: 08/13/2008 03:36:43 AM
Event ID/Source: 19011 / MSSQL$MESONIC
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type2164 / Error
Event Submitted/Written: 08/13/2008 03:33:23 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5512, Fehleradresse 0x00010193.
Das medienspezifische Ereignis für [explorer.exe!ws!] wird verarbeitet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9772 / Error
Event Submitted/Written: 08/13/2008 10:42:55 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "XAudioService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193

Event Record #/Type9687 / Warning
Event Submitted/Written: 08/13/2008 03:16:24 AM
Event ID/Source: 263 / PlugPlayManager
Event Description:
Der Dienst "Apple Mobile Device" war möglicherweise für Geräteereignisbenachrichtigungen nicht deregistriert, bevor er beendet wurde.

Event Record #/Type9662 / Error
Event Submitted/Written: 08/13/2008 03:05:54 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "XAudioService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193

Event Record #/Type9626 / Error
Event Submitted/Written: 08/13/2008 02:42:18 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "XAudioService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193

Event Record #/Type9573 / Error
Event Submitted/Written: 08/13/2008 02:17:22 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "XAudioService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193



-- End of Deckard's System Scanner: finished at 2008-08-13 13:33:02 ------------







Thank you very much for your help so far.

Regards
13.08.2008, 15:44
Honorary member
Sabina

Posts: 29434
#4 I don't have time right now to work through all of this, I have to leave for work; I'll look at it again this evening/tonight.
Did you have a USB stick connected? - UFO.exe? Is the stick clean? Or borrowed from someone?
__________
Regards, Sabina

all about PC security
13.08.2008, 15:48
...new here

Thread starter

Posts: 3
#5 Hmm, that could be it, but I don't have anything connected at the moment. I had that once quite a while ago, but AntiVir screamed right away. And yes, that was a USB stick from a friend. But it shouldn't actually be present anymore.

Regards
13.08.2008, 23:05
Honorary member
Sabina

Posts: 29434
#6 fehlgeschlagenes Modul ntdll.dll
fehlgeschlagenes Modul comctl32.dll


It may be (so I assume) that the error messages
are caused by access to the Microsoft SQL Server database.

Does Explorer also crash when you disable Microsoft SQL Server?

-------

Also check the drivers of XAudioService.

-----

Do you have a clean backup of Nero?
__________
Regards, Sabina

all about PC security