Trojaner-Board


caglarinho 28.08.2010 15:48

PC starts a great many Winlogon.exe processes

Hello community,

I have a problem with my computer: it starts a great many winlogon.exe processes in Task Manager, and my computer starts to hang and lag badly. I'll just post my HijackThis log; I hope someone can help me. Thanks in advance.

Regards

caglarinho
HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:38, on 28.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hama\Common\RaUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Taxxi Maxxi Sedri\Desktop\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\Winlog\Winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Winlog\Winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Winlog\Winlogon.exe
O4 - Startup: sidebar.lnk = ?
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1ca7b84a3abc119) (gupdate1ca7b84a3abc119) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
 
--
End of file - 5258 bytes

--- --- ---

john.doe 28.08.2010 15:56

Hello caglarinho and :hallo:

1.) Please upload the file
Quote:

C:\Windows\system32\Winlog\Winlogon.exe
to us. Select the text in the box, copy it and paste it into the upload channel => http://www.trojaner-board.de/54791-a...ner-board.html (step 2 only)

2.) Click on "Für alle Neuen" ("For all newcomers") in my signature, read everything carefully and work through the list under point 2 (alternative B only).

ciao, andreas

caglarinho 28.08.2010 16:03

Thanks john.doe, I've discovered something else, namely that under Run -> msconfig there is a check mark next to anmCFIA; when I remove the check mark, it comes back ... I think it's a virus


Screenshot: http://www5.pic-upload.de/28.08.10/u79s4dh85ook.png

john.doe 28.08.2010 16:07

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the quicker and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

ciao, andreas

caglarinho 28.08.2010 18:16

And what do you say to this :) ?

http://www5.pic-upload.de/28.08.10/eh6avgzqwk7m.png

john.doe 28.08.2010 18:18

That you have malware on board, and heaps of it. Only it won't get better by you posting one screenshot after another here, but by you working through the list. :)

Or do you actually just want to discuss here? :confused:

ciao, andreas

caglarinho 28.08.2010 18:20

The upload thing?

john.doe 28.08.2010 18:21

Yes, so that I know who I'm dealing with. ;)

ciao, andreas

caglarinho 28.08.2010 18:22

Yes, but where do I find the virus? All that ever happens is that several winlogon exes start and nothing more. What am I supposed to upload anyway?

john.doe 28.08.2010 18:24

Skip that point, that will be handled differently. Continue with point 2 on the list, i.e. Malwarebytes and OTL. Post all 3 logs, then we'll continue.

ciao, andreas

caglarinho 28.08.2010 18:52

So, first the log file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4495

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.08.2010 19:46:28
mbam-log-2010-08-28 (19-46-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 128023
Laufzeit: 7 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{xq881j2h-07ya-wrbn-4p25-xn85w68vyevt} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.VirTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.VirTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.VirTool) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\Winlog\Winlogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Taxxi Maxxi Sedri\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Taxxi Maxxi Sedri\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Taxxi Maxxi Sedri\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
C:\Users\Taxxi Maxxi Sedri\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.



And here is a screenshot of what it found:

http://www5.pic-upload.de/28.08.10/2c7bxykkam.png

caglarinho 28.08.2010 18:59

The virus seems to be gone ... under Run -> msconfig anmCFIA has also disappeared, strangely enough .. no more processes are starting either, thanks johndoe :)

Regards

john.doe 28.08.2010 19:08

Continue with the logs from OTL, the computer is far from clean. :nono:

ciao, andreas

caglarinho 28.08.2010 19:11

How do I continue with the logs? I scanned through once and only had one log.

Is there also a thread here about OTL, like the one for Anti-Malware?

john.doe 28.08.2010 19:16

http://www.trojaner-board.de/85104-o...-oldtimer.html

ciao, andreas

caglarinho 28.08.2010 19:26

OTL.txt :OTL Logfile:
Code:

OTL logfile created on: 28.08.2010 20:19:29 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Taxxi Maxxi Sedri\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 37,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 166,98 Gb Free Space | 71,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CAGLAR
Current User Name: Taxxi Maxxi Sedri
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamSpeak 3 Client2\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Programme\League of Legends\Air\LolClient.exe ()
PRC - C:\Programme\League of Legends\lol.launcher.exe (Solid State Networks)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100304.005\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100304.005\NAVENG.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\N360\0401000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSVix86.sys (Symantec Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 42 03 E6 DE 60 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.118
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010.08.28 17:15:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010.08.28 17:15:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 14:01:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 09:34:19 | 000,000,000 | ---D | M]
 
[2009.11.10 23:23:00 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Extensions
[2010.08.28 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions
[2010.07.19 12:48:21 | 000,000,000 | ---D | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010.06.13 18:44:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.01.16 19:52:22 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\mozilla\Firefox\Profiles\3l5oe96x.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010.08.26 08:34:59 | 000,000,944 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Mozilla\FireFox\Profiles\3l5oe96x.default\searchplugins\icqplugin.xml
[2010.08.21 13:19:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.09 16:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.13 18:43:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.21 13:19:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.11.23 15:37:42 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.1.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [HKCU] C:\Windows\System32\Winlog\Winlogon.exe File not found
O4 - Startup: C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Windows Sidebar\sidebar.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell\AutoRun\command - "" = J:\Install.exe -- File not found
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.28 20:17:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe
[2010.08.28 19:44:11 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\norton
[2010.08.28 19:33:14 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Malwarebytes
[2010.08.28 19:33:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.28 19:32:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.28 19:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.28 19:32:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.28 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\CrashDumps
[2010.08.28 17:14:56 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.08.28 17:14:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.08.28 17:14:51 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.08.28 17:14:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.08.28 17:14:51 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.08.28 17:14:34 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.sys
[2010.08.28 17:14:34 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symtdiv.sys
[2010.08.28 17:14:34 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\SymDS.sys
[2010.08.28 17:14:34 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.sys
[2010.08.28 17:14:34 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\SymEFA.sys
[2010.08.28 17:14:34 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\Ironx86.sys
[2010.08.28 17:14:34 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.sys
[2010.08.28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010.08.28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0401000.020
[2010.08.28 17:14:10 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360
[2010.08.28 17:14:00 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.08.27 23:38:54 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\x3n Hack v1
[2010.08.26 22:51:05 | 000,000,000 | ---D | C] -- C:\Programme\LittleFighter2
[2010.08.21 13:20:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.08.21 13:19:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.21 13:19:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.21 13:19:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.11 12:24:26 | 000,000,000 | ---D | C] -- C:\Programme\eDgMt2
[2010.08.10 23:00:04 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.10 23:00:04 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.10 23:00:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.10 22:55:39 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.10 22:55:38 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 22:55:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.10 22:55:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.10 22:55:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.10 22:55:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.10 22:55:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.10 22:55:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.10 22:55:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.10 22:55:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.10 22:55:04 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.03 17:07:30 | 000,000,000 | R--D | C] -- C:\Users\Taxxi Maxxi Sedri\Virtual Machines
[2010.08.03 16:10:40 | 000,000,000 | ---D | C] -- C:\Users\Taxxi Maxxi Sedri\Documents\BattleForge
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.28 20:22:15 | 007,864,320 | -HS- | M] () -- C:\Users\Taxxi Maxxi Sedri\NTUSER.DAT
[2010.08.28 20:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Taxxi Maxxi Sedri\Desktop\OTL.exe
[2010.08.28 20:13:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.28 19:56:12 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 19:56:12 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 19:48:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.28 19:48:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.28 19:48:42 | 804,704,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.28 19:47:10 | 002,216,051 | -H-- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\IconCache.db
[2010.08.28 17:15:37 | 001,014,558 | ---- | M] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB
[2010.08.28 17:14:51 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.08.28 17:14:51 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.08.28 17:14:51 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.08.28 17:14:41 | 000,002,394 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010.08.27 22:47:24 | 000,058,406 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\SQLite3.dll
[2010.08.23 22:54:19 | 000,000,817 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_prof
[2010.08.23 22:54:18 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_sta
[2010.08.23 22:53:28 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_sta
[2010.08.23 22:53:28 | 000,000,817 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_prof
[2010.08.22 20:32:11 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.22 20:32:11 | 000,650,340 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.22 20:32:11 | 000,611,672 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.22 20:32:11 | 000,129,358 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.22 20:32:11 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.13 16:23:34 | 000,000,841 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_sta
[2010.08.13 16:23:34 | 000,000,817 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_prof
[2010.08.11 12:18:20 | 000,307,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.03 18:41:40 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_sta
[2010.08.03 18:41:40 | 000,000,816 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_prof
[2010.08.02 20:51:35 | 000,204,114 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\Documents\ts3_clientui-win32-11239-2010-08-02 20_51_28.095050.dmp
[2010.08.02 12:26:16 | 000,000,841 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_sta
[2010.08.02 12:26:16 | 000,000,816 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_prof
[2010.08.02 00:42:24 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.01 22:39:29 | 000,000,842 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_sta
[2010.08.01 22:39:29 | 000,000,816 | ---- | M] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_prof
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 17:15:13 | 001,014,558 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB
[2010.08.28 17:14:51 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.08.28 17:14:51 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.08.28 17:14:41 | 000,002,394 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010.08.28 17:14:22 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymEFA.inf
[2010.08.28 17:14:22 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymDS.inf
[2010.08.28 17:14:22 | 000,001,754 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\ccHPx86.inf
[2010.08.28 17:14:22 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymNetV.inf
[2010.08.28 17:14:22 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymNet.inf
[2010.08.28 17:14:22 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.inf
[2010.08.28 17:14:22 | 000,001,382 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.inf
[2010.08.28 17:14:22 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\Iron.inf
[2010.08.28 17:14:13 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnetv.cat
[2010.08.28 17:14:13 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymEFA.cat
[2010.08.28 17:14:13 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.cat
[2010.08.28 17:14:13 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.cat
[2010.08.28 17:14:13 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\iron.cat
[2010.08.28 17:14:13 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymDS.cat
[2010.08.28 17:14:13 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.cat
[2010.08.28 17:14:13 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\SymNet.cat
[2010.08.28 17:14:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\isolate.ini
[2010.08.27 22:47:24 | 000,058,406 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\SQLite3.dll
[2010.08.02 20:51:28 | 000,204,114 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\Documents\ts3_clientui-win32-11239-2010-08-02 20_51_28.095050.dmp
[2010.06.25 11:02:17 | 000,000,834 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{F865EADE-0965-4B73-8693-312C91CD0150}_sta
[2010.06.25 11:02:15 | 000,000,830 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{F865EADE-0965-4B73-8693-312C91CD0150}_prof
[2010.03.28 19:52:54 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.03.26 14:39:59 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_sta
[2010.03.26 14:39:56 | 000,000,817 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{0393BE67-FCC5-4272-BDE4-AB37D4DA95F8}_prof
[2010.03.25 16:13:11 | 000,000,841 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_sta
[2010.03.25 16:13:08 | 000,000,817 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{A7EBD742-3C78-4A75-90C7-ACEFC4E79D3B}_prof
[2010.02.27 15:50:50 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_sta
[2010.02.27 15:50:48 | 000,000,817 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{18A9FDC6-2030-49AD-A366-EB0B6A560C5C}_prof
[2010.02.16 00:53:21 | 000,027,839 | -H-- | C] () -- C:\Programme\buildlog.txt
[2010.02.13 23:01:50 | 000,005,120 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.10 18:04:28 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.02.09 13:59:47 | 000,000,841 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_sta
[2010.02.09 13:59:40 | 000,000,816 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{C326D83D-C58A-40D7-86DA-2F799DEA8EEB}_prof
[2010.02.02 20:56:40 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010.02.01 20:25:27 | 000,019,894 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\UserTile.png
[2010.01.24 16:28:21 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_sta
[2010.01.24 16:28:20 | 000,000,816 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{D52E2340-DFE2-4347-92CD-437504620D28}_prof
[2010.01.16 21:20:41 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.01.16 21:20:41 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.12.24 00:16:40 | 000,000,842 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_sta
[2009.12.24 00:16:37 | 000,000,816 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Local\RT73_{2C0FBE61-7A31-447C-9921-4A45E2E51712}_prof
[2009.12.23 02:03:30 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.12.20 00:41:09 | 000,019,626 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.12.20 00:40:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.20 00:40:24 | 000,015,601 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.11.09 17:30:17 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.09 17:30:17 | 000,022,328 | ---- | C] () -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\PnkBstrK.sys
[2009.11.09 16:24:32 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.07.16 05:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2009.11.09 03:45:30 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Bytemobile
[2009.11.09 17:23:59 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\DAEMON Tools Lite
[2010.08.06 12:42:07 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\FileZilla
[2010.07.05 05:41:43 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\FOG Downloader
[2010.04.10 01:48:40 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\GetRightToGo
[2010.06.03 14:10:14 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\ICQ
[2010.05.12 17:42:34 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\LolClient
[2010.03.27 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.02.26 01:18:55 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\OpenOffice.org
[2009.12.30 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\TeamViewer
[2010.07.20 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\TS3Client
[2010.05.01 07:54:28 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\uTorrent
[2009.11.09 03:45:30 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Vodafone
[2009.11.09 03:46:54 | 000,000,000 | ---D | M] -- C:\Users\Taxxi Maxxi Sedri\AppData\Roaming\Vodafone Mobile Connect
[2010.08.02 00:42:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

//////////////////////////////////////////////////////////////////////////////////////////////////

Extras.txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 28.08.2010 20:19:29 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Taxxi Maxxi Sedri\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 37,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 166,98 Gb Free Space | 71,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CAGLAR
Current User Name: Taxxi Maxxi Sedri
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0524D62A-72D6-4D01-B4E8-546BA5B0B9EC}_is1" = eDgMt2 Client 1.0
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"eDgMt2 Client v1" = eDgMt2 Client v1
"FileZilla Client" = FileZilla Client 3.3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GhostMouse 2.0" = GhostMouse 2.0
"Google Chrome" = Google Chrome
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"League of Legends_is1" = League of Legends
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Messenger Plus! Live" = Messenger Plus! Live
"Metin2_is1" = Metin2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PremiumSoft Navicat Lite 8.2_is1" = PremiumSoft Navicat Lite 8.2
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TUGZip_is1" = TUGZip 3.5
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0x598  Startzeit der fehlerhaften Anwendung: 0x01cb46d42c2b3f90  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 89b59ebc-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0xd38  Startzeit der fehlerhaften Anwendung: 0x01cb46d42c2adde8  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 89b63afc-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0x460  Startzeit der fehlerhaften Anwendung: 0x01cb46d42d734ff0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 89b5ecdc-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:13 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0xad8  Startzeit der fehlerhaften Anwendung: 0x01cb46d4306762a0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 89b6891c-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0x1894  Startzeit der fehlerhaften Anwendung: 0x01cb46d43453601c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8a93548c-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0x1564  Startzeit der fehlerhaften Anwendung: 0x01cb46d43022b880  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8a9e29fc-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0x8b8  Startzeit der fehlerhaften Anwendung: 0x01cb46d42c2b3f90  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8a91cdec-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0xfd0  Startzeit der fehlerhaften Anwendung: 0x01cb46d43096a63c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8a98f9dc-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24077c1e  ID des fehlerhaften
 Prozesses: 0xd24  Startzeit der fehlerhaften Anwendung: 0x01cb46d42a8aaef0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8a97251c-b2c7-11df-978b-90e6bac3616d
 
Error - 28.08.2010 13:13:14 | Computer Name = caglar | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24017c1e  ID des fehlerhaften
 Prozesses: 0xb6c  Startzeit der fehlerhaften Anwendung: 0x01cb46d42dd0f68c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8a95294c-b2c7-11df-978b-90e6bac3616d
 
[ System Events ]
Error - 28.08.2010 09:02:41 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147942402.
 
Error - 28.08.2010 09:40:01 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147942402.
 
Error - 28.08.2010 10:32:10 | Computer Name = caglar | Source = bowser | ID = 8003
Description =
 
Error - 28.08.2010 12:09:51 | Computer Name = caglar | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.08.2010 um 18:08:37 unerwartet heruntergefahren.
 
Error - 28.08.2010 12:09:53 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147942402.
 
Error - 28.08.2010 12:11:07 | Computer Name = caglar | Source = DCOM | ID = 10010
Description =
 
Error - 28.08.2010 12:37:27 | Computer Name = caglar | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.08.2010 um 18:35:34 unerwartet heruntergefahren.
 
Error - 28.08.2010 12:37:30 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147942402.
 
Error - 28.08.2010 13:16:25 | Computer Name = caglar | Source = BROWSER | ID = 8032
Description =
 
Error - 28.08.2010 13:48:51 | Computer Name = caglar | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147942402.
 
 
< End of report >

--- --- ---

john.doe 28.08.2010 19:55

Your ICQ is outdated, and you should keep your hands off file sharing (uTorrent), because
a) malware is increasingly being spread through it, and
b) it can get very expensive if you use it to download copyrighted material.

1.) Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 42 03 E6 DE 60 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.1.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.1.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKCU..\Run: [HKCU] C:\Windows\System32\Winlog\Winlogon.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{2fa79c08-cd3d-11de-9265-001617c7df13}\Shell\AutoRun\command - "" = J:\Install.exe -- File not found
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a642fa-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell - "" = AutoRun
O33 - MountPoints2\{97a643b9-cccc-11de-a766-001617c7df13}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]


2.) Create and post new logs with OTL.

ciao, andreas

