Pests of all kinds and how to fight them (Plagegeister aller Art und deren Bekämpfung): PC starts very many Winlogon.exe processes. Windows 7
28.08.2010, 19:26 | #16
PC starts very many Winlogon.exe processes.
OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 28.08.2010 20:19:29 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Taxxi Maxxi Sedri\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 37,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 166,98 Gb Free Space | 71,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAGLAR
Current User Name: Taxxi Maxxi Sedri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamSpeak 3 Client2\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Programme\League of Legends\Air\LolClient.exe ()
PRC - C:\Programme\League of Legends\lol.launcher.exe (Solid State Networks)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)

========== Modules (SafeList) ==========

MOD - C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()

========== Driver Services (SafeList) ==========

DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100304.005\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100304.005\NAVENG.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\N360\0401000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSVix86.sys (Symantec Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 42 03 E6 DE 60 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.118
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010.08.28 17:15:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010.08.28 17:15:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 14:01:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 09:34:19 | 000,000,000 | ---D | M]

[2009.11.10 23:23:00 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Extensions
[2010.08.28 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions
[2010.07.19 12:48:21 | 000,000,000 | ---D | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010.06.13 18:44:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.01.16 19:52:22 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010.08.26 08:34:59 | 000,000,944 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Mozilla\FireFox\Profiles\3l5oe96x.default\searchplugins\icqplugin.xml
[2010.08.21 13:19:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.09 16:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.13 18:43:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.21 13:19:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.11.23 15:37:42 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.1.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [HKCU] C:\Windows\System32\Winlog\Winlogon.exe File not found
O4 - Startup: C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Windows Sidebar\sidebar.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell\AutoRun\command - "" = J:\Install.exe -- File not found
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.28 20:17:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe
[2010.08.28 19:44:11 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\norton
[2010.08.28 19:33:14 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Malwarebytes
[2010.08.28 19:33:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.28 19:32:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.28 19:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.28 19:32:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.28 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\CrashDumps
[2010.08.28 17:14:56 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.08.28 17:14:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.08.28 17:14:51 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.08.28 17:14:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.08.28 17:14:51 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.08.28 17:14:34 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.sys
[2010.08.28 17:14:34 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symtdiv.sys
[2010.08.28 17:14:34 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\SymDS.sys
[2010.08.28 17:14:34 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.sys
[2010.08.28 17:14:34 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\SymEFA.sys
[2010.08.28 17:14:34 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\Ironx86.sys
[2010.08.28 17:14:34 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.sys
[2010.08.28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010.08.28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0401000.020
[2010.08.28 17:14:10 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360
[2010.08.28 17:14:00 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.08.27 23:38:54 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\x3n Hack v1
[2010.08.26 22:51:05 | 000,000,000 | ---D | C] -- C:\Programme\LittleFighter2
[2010.08.21 13:20:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.08.21 13:19:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.21 13:19:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.21 13:19:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.11 12:24:26 | 000,000,000 | ---D | C] -- C:\Programme\eDgMt2
[2010.08.10 23:00:04 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.10 23:00:04 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.10 23:00:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.10 22:55:39 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.10 22:55:38 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 22:55:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.10 22:55:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.10 22:55:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.10 22:55:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.10 22:55:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.10 22:55:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.10 22:55:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.10 22:55:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.10 22:55:04 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.03 17:07:30 | 000,000,000 | R--D | C] -- C:\Users\Taxxi Maxxi Sedri\Virtual Machines
[2010.08.03 16:10:40 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\Documents\BattleForge
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.28 20:22:15 | 007,864,320 | -HS- | M] () -- C:\Users\Taxxi Maxxi Sedri\NTUSER.DAT
[2010.08.28 20:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe
[2010.08.28 20:13:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.28 19:56:12 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 19:56:12 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 19:48:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.28 19:48:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.28 19:48:42 | 804,704,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.28 19:47:10 | 002,216,051 | -H-- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\IconCache.db
[2010.08.28 17:15:37 | 001,014,558 | ---- | M] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB
[2010.08.28 17:14:51 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.08.28 17:14:51 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.08.28 17:14:51 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.08.28 17:14:41 | 000,002,394 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010.08.27 22:47:24 | 000,058,406 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\SQLite3.dll
[2010.08.23 22:54:19 | 000,000,817 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_prof
[2010.08.23 22:54:18 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_sta
[2010.08.23 22:53:28 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_sta
[2010.08.23 22:53:28 | 000,000,817 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_prof
[2010.08.22 20:32:11 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.22 20:32:11 | 000,650,340 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.22 20:32:11 | 000,611,672 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.22 20:32:11 | 000,129,358 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.22 20:32:11 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.13 16:23:34 | 000,000,841 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_sta
[2010.08.13 16:23:34 | 000,000,817 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_prof
[2010.08.11 12:18:20 | 000,307,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.03 18:41:40 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_sta
[2010.08.03 18:41:40 | 000,000,816 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_prof
[2010.08.02 20:51:35 | 000,204,114 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\Documents\ts3_clientui-win32-11239-2010-08-02 20_51_28.095050.dmp
[2010.08.02 12:26:16 | 000,000,841 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_sta
[2010.08.02 12:26:16 | 000,000,816 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_prof
[2010.08.02 00:42:24 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.01 22:39:29 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_sta
[2010.08.01 22:39:29
| 000,000,816 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_prof [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.28 17:15:13 | 001,014,558 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB [2010.08.28 17:14:51 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2010.08.28 17:14:51 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2010.08.28 17:14:41 | 000,002,394 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2010.08.28 17:14:22 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymEFA.inf [2010.08.28 17:14:22 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymDS.inf [2010.08.28 17:14:22 | 000,001,754 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\ccHPx86.inf [2010.08.28 17:14:22 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymNetV.inf [2010.08.28 17:14:22 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymNet.inf [2010.08.28 17:14:22 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.inf [2010.08.28 17:14:22 | 000,001,382 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.inf [2010.08.28 17:14:22 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\Iron.inf [2010.08.28 17:14:13 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnetv.cat [2010.08.28 17:14:13 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymEFA.cat [2010.08.28 17:14:13 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.cat [2010.08.28 17:14:13 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.cat [2010.08.28 17:14:13 | 000,007,438 | R--- | C] () -- 
C:\Windows\System32\drivers\N360\0401000.020\iron.cat [2010.08.28 17:14:13 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymDS.cat [2010.08.28 17:14:13 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.cat [2010.08.28 17:14:13 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymNet.cat [2010.08.28 17:14:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\isolate.ini [2010.08.27 22:47:24 | 000,058,406 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\SQLite3.dll [2010.08.02 20:51:28 | 000,204,114 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\Documents\ts3_clientui-win32-11239-2010-08-02 20_51_28.095050.dmp [2010.06.25 11:02:17 | 000,000,834 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{F865EADE-0965-4B73-8693-312C91CD0150}_sta [2010.06.25 11:02:15 | 000,000,830 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{F865EADE-0965-4B73-8693-312C91CD0150}_prof [2010.03.28 19:52:54 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.03.26 14:39:59 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_sta [2010.03.26 14:39:56 | 000,000,817 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_prof [2010.03.25 16:13:11 | 000,000,841 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_sta [2010.03.25 16:13:08 | 000,000,817 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_prof [2010.02.27 15:50:50 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_sta [2010.02.27 15:50:48 | 000,000,817 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_prof [2010.02.16 00:53:21 | 
000,027,839 | -H-- | C] () -- C:\Programme\buildlog.txt [2010.02.13 23:01:50 | 000,005,120 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.10 18:04:28 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.02.09 13:59:47 | 000,000,841 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_sta [2010.02.09 13:59:40 | 000,000,816 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_prof [2010.02.02 20:56:40 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2010.02.01 20:25:27 | 000,019,894 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\UserTile.png [2010.01.24 16:28:21 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_sta [2010.01.24 16:28:20 | 000,000,816 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_prof [2010.01.16 21:20:41 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.01.16 21:20:41 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.12.24 00:16:40 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_sta [2009.12.24 00:16:37 | 000,000,816 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_prof [2009.12.23 02:03:30 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2009.12.20 00:41:09 | 000,019,626 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009.12.20 00:40:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2009.12.20 00:40:24 | 000,015,601 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.11.09 17:30:17 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.11.09 17:30:17 | 000,022,328 | ---- | C] () -- C:\Users\Taxxi Maxxi 
Sedri\AppData\Roaming\PnkBstrK.sys [2009.11.09 16:24:32 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.07.16 05:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2009.11.09 03:45:30 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Bytemobile [2009.11.09 17:23:59 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\DAEMON Tools Lite [2010.08.06 12:42:07 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\FileZilla [2010.07.05 05:41:43 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\FOG Downloader [2010.04.10 01:48:40 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\GetRightToGo [2010.06.03 14:10:14 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\ICQ [2010.05.12 17:42:34 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\LolClient [2010.03.27 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010.02.26 01:18:55 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\OpenOffice.org [2009.12.30 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\TeamViewer [2010.07.20 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\TS3Client [2010.05.01 07:54:28 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\uTorrent [2009.11.09 03:45:30 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Vodafone [2009.11.09 03:46:54 | 000,000,000 | ---D | M] -- C:\Users\Taxxi 
Maxxi Sedri\AppData\Roaming\Vodafone Mobile Connect [2010.08.02 00:42:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > ////////////////////////////////////////////////////////////////////////////////////////////////// Extras.txt :OTL Logfile: Code:
OTL Extras logfile created on: 28.08.2010 20:19:29 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Taxxi Maxxi Sedri\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 37,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 166,98 Gb Free Space | 71,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAGLAR
Current User Name: Taxxi Maxxi Sedri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0524D62A-72D6-4D01-B4E8-546BA5B0B9EC}_is1" = eDgMt2 Client 1.0
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"eDgMt2 Client v1" = eDgMt2 Client v1
"FileZilla Client" = FileZilla Client 3.3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GhostMouse 2.0" = GhostMouse 2.0
"Google Chrome" = Google Chrome
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"League of Legends_is1" = League of Legends
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Messenger Plus! Live" = Messenger Plus! Live
"Metin2_is1" = Metin2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PremiumSoft Navicat Lite 8.2_is1" = PremiumSoft Navicat Lite 8.2
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TUGZip_is1" = TUGZip 3.5
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0x598 Startzeit der fehlerhaften Anwendung: 0x01cb46d42c2b3f90 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 89b59ebc-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0xd38 Startzeit der fehlerhaften Anwendung: 0x01cb46d42c2adde8 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 89b63afc-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0x460 Startzeit der fehlerhaften Anwendung: 0x01cb46d42d734ff0 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 89b5ecdc-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0xad8 Startzeit der fehlerhaften Anwendung: 0x01cb46d4306762a0 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 89b6891c-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0x1894 Startzeit der fehlerhaften Anwendung: 0x01cb46d43453601c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8a93548c-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0x1564 Startzeit der fehlerhaften Anwendung: 0x01cb46d43022b880 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8a9e29fc-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0x8b8 Startzeit der fehlerhaften Anwendung: 0x01cb46d42c2b3f90 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8a91cdec-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0xfd0 Startzeit der fehlerhaften Anwendung: 0x01cb46d43096a63c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8a98f9dc-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24077c1e ID des fehlerhaften Prozesses: 0xd24 Startzeit der fehlerhaften Anwendung: 0x01cb46d42a8aaef0 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8a97251c-b2c7-11df-978b-90e6bac3616d

Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855, Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24017c1e ID des fehlerhaften Prozesses: 0xb6c Startzeit der fehlerhaften Anwendung: 0x01cb46d42dd0f68c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8a95294c-b2c7-11df-978b-90e6bac3616d

[ System Events ]
Error - 28.08.2010 09:02:41 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error - 28.08.2010 09:40:01 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.
Error - 28.08.2010 10:32:10 | Computer Name = caglar | Source = bowser | ID = 8003
Description =

Error - 28.08.2010 12:09:51 | Computer Name = caglar | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?08.?2010 um 18:08:37 unerwartet heruntergefahren.

Error - 28.08.2010 12:09:53 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error - 28.08.2010 12:11:07 | Computer Name = caglar | Source = DCOM | ID = 10010
Description =

Error - 28.08.2010 12:37:27 | Computer Name = caglar | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?08.?2010 um 18:35:34 unerwartet heruntergefahren.

Error - 28.08.2010 12:37:30 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error - 28.08.2010 13:16:25 | Computer Name = caglar | Source = BROWSER | ID = 8032
Description =

Error - 28.08.2010 13:48:51 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

< End of report >
28.08.2010, 19:55 | #17 |
PC starts very many Winlogon.exe processes.

Your ICQ is outdated, and you should keep your hands off file sharing (uTorrent), because a) it is increasingly used to spread malware and b) it can get very expensive if you download copyrighted material with it.

1.) Fix with OTL
Code:
:OTL
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 42 03 E6 DE 60 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.1.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKCU..\Run: [HKCU] C:\Windows\System32\Winlog\Winlogon.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell\AutoRun\command - "" = J:\Install.exe -- File not found
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
2.) Create and post new logs with OTL.

ciao, andreas
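As an added example (not from the thread, from OTL or from its author), the following Python triage reads OTL O4 and O33 lines of the kind the fix script above removes and flags the two patterns worth recognising in such a log: a Run value that borrows the name of a Windows system binary (here Winlogon.exe) but points outside the system directory, and MountPoints2 AutoRun commands left behind by removable media. The set of system binary names and of legitimate system directories are assumptions for illustration, and the Steam line in the sample input is a constructed benign entry for contrast.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Assumption for illustration: binary names that malware borrows to blend in.
SYSTEM_BINARY_NAMES = {"winlogon.exe", "csrss.exe", "svchost.exe", "lsass.exe", "services.exe"}
# Assumption: where the genuine copies live on a 32-bit Windows 7 install (lower-case).
LEGIT_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

# O4 line: "O4 - HKCU..\Run: [value name] <path> [(Company)] [File not found]"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\))?(?: (?P<status>File not found))?$"
)
# O33 line: 'O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command> [-- File not found]'
O33_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9A-Fa-f-]+)\}\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?)(?: -- (?P<status>File not found))?$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag for the class of indicator
    detail: str  # what a reader of the log should take from it
    line: str    # the OTL line that produced it


def check_run_entry(m: "re.Match") -> List[Finding]:
    """Apply the two Run-key checks to one parsed O4 line."""
    findings = []
    path = m.group("path")
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower().rstrip("\\")
    # A system binary name started from anywhere but the real system directory.
    if base in SYSTEM_BINARY_NAMES and folder not in LEGIT_SYSTEM_DIRS:
        findings.append(Finding(
            "masquerade",
            f"{base} is launched from {folder}, not from a Windows system directory",
            m.string))
    # The file is gone (for example already removed by a scanner) but the autostart value remains.
    if m.group("status"):
        findings.append(Finding(
            "orphaned-run",
            f"Run value [{m.group('name')}] points to a missing file: {path}",
            m.string))
    return findings


def triage(lines) -> List[Finding]:
    """Scan OTL report lines and return the persistence indicators found."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        run = O4_RUN.match(line)
        if run:
            findings.extend(check_run_entry(run))
            continue
        autorun = O33_AUTORUN.match(line)
        if autorun:
            # Any AutoRun\command under MountPoints2 is a launch hook tied to a removable drive.
            drive = autorun.group("cmd")[:2]
            findings.append(Finding(
                "autorun",
                f"AutoRun command on {drive} kept in MountPoints2: {autorun.group('cmd')}",
                line))
    return findings


# Sample input: the first three lines are copied from the fix script posted above;
# the last one is a constructed benign Run entry used for contrast.
SAMPLE_LINES = [
    r"O4 - HKCU..\Run: [HKCU] C:\Windows\System32\Winlog\Winlogon.exe File not found",
    r'O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell\AutoRun\command - "" = J:\Install.exe -- File not found',
    r'O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found',
    r"O4 - HKLM..\Run: [Steam] C:\Programme\Steam\Steam.exe (Valve Corporation)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:13} {f.detail}")
```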