Pests of all kinds and how to combat them: "ICQ worm"

29.12.2009, 11:43   #1
xfire10

Hello,

a well-known problem for which I have already found removal instructions, but they did not work for Win 7.

Problem: Links are being sent from my ICQ account to at least a great many contacts (it looks like Russian characters). Lately I have very often received requests from such mysterious contacts ("Maren Geebert") etc., all of which I blocked, of course. At peak times these requests came 2-3 times an hour. An AntiVir check found nothing. Question: is it necessary to completely reinstall the operating system? If so, then also on the netbook, which I was also often online with? But wouldn't a new ICQ account then be needed as well, since they seem to have had my password (or still have it; I changed it yesterday).

I would be grateful for any help.

Operating system: Win 7 64bit
Messenger: QIP / Trillian.

29.12.2009, 19:23   #2
cosinus

Hello and

Note: You are using a 64-bit Windows. Many of the tools we use here as aids for cleaning are not compatible with a 64-bit Windows, which makes a cleanup harder than it already is.

Please run Malwarebytes and post the log, then we'll see what's next.

29.12.2009, 20:52   #3
xfire10

Hello, thanks for the friendly welcome to the forum

Here is the log:

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3451
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.12.2009 21:50:28
mbam-log-2009-12-29 (21-50-22).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 349999
Laufzeit: 36 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\CMan\AppData\Local\Temp\wsonaecrxm.exe (Trojan.FakeAlert) -> No action taken.

29.12.2009, 22:05   #4
cosinus

Have you already changed your ICQ password from a clean machine?
How simple or complicated was it? Have you also logged in with this ICQ account on other computers, computers that may also have been infected?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

29.12.2009, 22:13   #5
xfire10

Well, since the problem appeared I have only logged in on my main computer + netbook (also Win7, 32bit). Admittedly, the password was simple rather than complicated. I can change the password again from the netbook.


29.12.2009, 22:15   #6
cosinus

Why 32-bit as well? I thought this:

Quote:
Operating system: Win 7 64bit
Messenger: QIP / Trillian.

Unfortunately it makes quite a difference whether it is 32 or 64

29.12.2009, 22:17   #7
xfire10

Sorry, badly worded: also Win7, but the netbook has the 32-bit version and the main computer the 64-bit version

30.12.2009, 08:50   #8
cosinus

First watch whether this still occurs after the password change (please use a considerably more complicated password). If it does, work through the list for the 32-bit netbook (RSIT + CCleaner + Malwarebytes)

02.01.2010, 19:24   #9
xfire10

Unfortunately the problem persists. I have now worked through the list for my netbook, except RSIT, where I always get an error message during installation. Malwarebytes found nothing.

04.01.2010, 11:44   #10
cosinus

Then please use OTL instead of RSIT:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

04.01.2010, 12:14   #11
xfire10

Hi, here are the 2 logs:

OTL logfile created on: 04.01.2010 13:05:41 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,10 Gb Total Space | 9,77 Gb Free Space | 26,33% Space Free | Partition Type: NTFS
Drive D: | 8,12 Gb Total Space | 1,88 Gb Free Space | 23,21% Space Free | Partition Type: FAT32
Drive E: | 29,30 Gb Total Space | 18,12 Gb Free Space | 61,85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CMAN
Current User Name: CMan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)


========== Modules (SafeList) ==========

MOD - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 64 52 AE 1E 57 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.26 07:56:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.26 07:56:48 | 00,000,000 | ---D | M]

[2009.10.27 17:03:27 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Extensions
[2010.01.04 09:25:37 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Firefox\Profiles\h2gxcy6j.default\extensions
[2009.10.27 20:04:10 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\CMan\AppData\Roaming\mozilla\Firefox\Profiles\h2gxcy6j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.10.27 19:28:00 | 00,002,061 | ---- | M] () -- C:\Users\CMan\AppData\Roaming\Mozilla\FireFox\Profiles\h2gxcy6j.default\searchplugins\qipsearch.xml
[2009.12.03 22:01:34 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CMan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.02.08 10:48:36 | 00,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{70ffdfe6-c63f-11de-933a-001d92568a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{70ffdfe6-c63f-11de-933a-001d92568a7a}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{70ffdfec-c63f-11de-933a-001d92568a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{70ffdfec-c63f-11de-933a-001d92568a7a}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.02 19:15:39 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Malwarebytes
[2010.01.02 19:15:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.01.02 19:15:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.02 19:15:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.01.02 19:15:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.01.02 19:07:07 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.01.02 19:03:40 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.01.02 19:03:39 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.20 15:58:27 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Trillian
[2009.12.20 15:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009.12.10 12:01:56 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

========== Files - Modified Within 30 Days ==========

[2010.01.04 13:03:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.04 13:02:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.04 13:02:49 | 16,022,03648 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.04 10:31:55 | 01,048,576 | -HS- | M] () -- C:\Users\CMan\NTUSER.DAT
[2010.01.04 10:22:06 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.04 10:22:06 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.02 23:24:20 | 03,009,231 | -H-- | M] () -- C:\Users\CMan\AppData\Local\IconCache.db
[2010.01.02 19:15:35 | 00,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.02 19:12:45 | 00,000,454 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191219.reg
[2010.01.02 19:12:10 | 00,000,766 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191206.reg
[2010.01.02 19:11:51 | 00,001,266 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191147.reg
[2010.01.02 19:11:31 | 00,017,272 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191100.reg
[2010.01.02 19:07:07 | 00,001,839 | ---- | M] () -- C:\Users\CMan\Desktop\CCleaner.lnk
[2009.12.30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.25 00:25:11 | 01,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.25 00:25:11 | 00,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.25 00:25:11 | 00,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.25 00:25:11 | 00,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.25 00:25:11 | 00,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.20 15:58:06 | 00,001,057 | ---- | M] () -- C:\Users\CMan\Desktop\Trillian.lnk
[2009.12.08 09:44:05 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2010.01.02 19:15:35 | 00,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.02 19:12:20 | 00,000,454 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191219.reg
[2010.01.02 19:12:08 | 00,000,766 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191206.reg
[2010.01.02 19:11:49 | 00,001,266 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191147.reg
[2010.01.02 19:11:22 | 00,017,272 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191100.reg
[2010.01.02 19:07:07 | 00,001,839 | ---- | C] () -- C:\Users\CMan\Desktop\CCleaner.lnk
[2009.12.20 15:58:06 | 00,001,057 | ---- | C] () -- C:\Users\CMan\Desktop\Trillian.lnk
[2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
< End of report >

----------------------------------------------------------------------

OTL Extras logfile created on: 04.01.2010 13:05:41 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,10 Gb Total Space | 9,77 Gb Free Space | 26,33% Space Free | Partition Type: NTFS
Drive D: | 8,12 Gb Total Space | 1,88 Gb Free Space | 23,21% Space Free | Partition Type: FAT32
Drive E: | 29,30 Gb Total Space | 18,12 Gb Free Space | 61,85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CMAN
Current User Name: CMan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Trillian" = Trillian
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.12.2009 13:25:05 | Computer Name = CMan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll,
Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00096f3b ID des fehlerhaften Prozesses: 0xb54 Startzeit der fehlerhaften Anwendung:
0x01ca743d86edb673 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win
7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06]
WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: cb61f23d-e030-11de-8971-bbc002b10586

Error - 03.12.2009 13:25:12 | Computer Name = CMan | Source = VSS | ID = 8194
Description =

Error - 03.12.2009 13:27:02 | Computer Name = CMan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll,
Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00096f3b ID des fehlerhaften Prozesses: 0x46c Startzeit der fehlerhaften Anwendung:
0x01ca743dcc32b0c8 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win
7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06]
WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: 116a6d66-e031-11de-8971-adb8e9bbdfab

Error - 12.12.2009 15:04:28 | Computer Name = CMan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3593,
Zeitstempel: 0x4aef8082 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002fc47 ID des fehlerhaften
Prozesses: 0xaac Startzeit der fehlerhaften Anwendung: 0x01ca7b59333d6a82 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2b69c9ee-e751-11de-8931-b030a30efc83

Error - 16.12.2009 06:20:38 | Computer Name = CMan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll,
Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00096f3b ID des fehlerhaften Prozesses: 0xb5c Startzeit der fehlerhaften Anwendung:
0x01ca7e39638f48dd Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win
7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06]
WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: a72a8ea9-ea2c-11de-8a56-99e2fb008d83

Error - 16.12.2009 06:20:43 | Computer Name = CMan | Source = VSS | ID = 8194
Description =

Error - 16.12.2009 18:59:08 | Computer Name = CMan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll,
Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00096f3b ID des fehlerhaften Prozesses: 0x734 Startzeit der fehlerhaften Anwendung:
0x01ca7ea358c1a060 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win
7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06]
WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: 9d7e93e3-ea96-11de-902c-b51279cecd87

Error - 16.12.2009 18:59:16 | Computer Name = CMan | Source = VSS | ID = 8194
Description =

Error - 23.12.2009 08:18:01 | Computer Name = CMan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll,
Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00096f3b ID des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung:
0x01ca83c9f104a7d5 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win
7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06]
WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: 363ec6cd-efbd-11de-99a4-d13ab72f2f87

Error - 23.12.2009 08:18:09 | Computer Name = CMan | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 27.12.2009 06:56:08 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 28.12.2009 07:15:03 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 28.12.2009 07:17:19 | Computer Name = CMan | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 28.12.2009 08:53:24 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 01.01.2010 07:24:53 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 02.01.2010 14:00:19 | Computer Name = CMan | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.

Error - 02.01.2010 14:00:55 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 04.01.2010 04:15:13 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 04.01.2010 05:14:55 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 04.01.2010 08:03:25 | Computer Name = CMan | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


< End of report >

04.01.2010, 13:49   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



I don't see any indications there as such.
However, the problem apparently still persists, if I understand you correctly.
When do your friends get spammed by "you": is your computer always on at those times, or does it happen regardless of whether your computer is on or off?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.01.2010, 15:29   #13
xfire10



Hello, I will ask my contacts to let me know exactly when these messages arrive, so that this can be traced better. I ran OTL again on my main computer; no idea whether it helps, but here are the 2 logs:

OTL logfile created on: 04.01.2010 16:21:33 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 209,00 Gb Total Space | 126,33 Gb Free Space | 60,44% Space Free | Partition Type: NTFS
Drive D: | 197,28 Gb Total Space | 197,14 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 499,90 Gb Total Space | 427,72 Gb Free Space | 85,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTOPHER
Current User Name: CMan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)


========== Modules (SafeList) ==========

MOD - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (.1256332214) -- C:\Program Files (x86)\1256332214\CMan1256332214L.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100103.020\EX64.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100103.020\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys (Symantec Corporation)
DRV - (CSC) -- C:\Windows\CSC [2009.10.23 21:54:24 | 00,000,000 | ---D | M]
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 4F 3B E5 C2 72 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files (x86)\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009.12.30 13:30:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009.12.30 13:30:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.12.16 18:30:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.12.16 18:30:39 | 00,000,000 | ---D | M]

[2009.10.23 22:17:41 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Extensions
[2009.10.24 07:42:30 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Firefox\Profiles\nqioewsm.default\extensions
[2009.10.24 00:22:24 | 00,002,061 | ---- | M] () -- C:\Users\CMan\AppData\Roaming\Mozilla\FireFox\Profiles\nqioewsm.default\searchplugins\qipsearch.xml
[2009.11.09 15:23:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (1077 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mynortonaccount.conxion.com
O1 - Hosts: 127.0.0.1 lcsitemain.conxion.com
O1 - Hosts: 127.0.0.1 lc1alt.symantec.com
O1 - Hosts: 127.0.0.1 lcsitemain.symantec.com
O1 - Hosts: 127.0.0.1 www.mynortonaccount.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files (x86)\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - Startup: C:\Users\CMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = E:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b274ff0-c016-11de-b476-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1b274ff0-c016-11de-b476-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{2d0a92d9-c018-11de-babd-00241d821b88}\Shell - "" = AutoRun
O33 - MountPoints2\{2d0a92d9-c018-11de-babd-00241d821b88}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{2d0a92db-c018-11de-babd-00241d821b88}\Shell - "" = AutoRun
O33 - MountPoints2\{2d0a92db-c018-11de-babd-00241d821b88}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{2f874cd0-c06a-11de-8b29-00241d821b88}\Shell - "" = AutoRun
O33 - MountPoints2\{2f874cd0-c06a-11de-8b29-00241d821b88}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.01 23:34:53 | 00,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2010.01.01 23:34:31 | 00,000,000 | ---D | C] -- C:\Users\CMan\Documents\TmForever
[2010.01.01 23:34:28 | 00,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.01.01 23:34:28 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.01.01 23:34:27 | 00,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.01.01 23:34:27 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.01.01 23:34:27 | 00,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.01.01 23:34:27 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.01.01 23:34:19 | 03,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010.01.01 23:34:17 | 00,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.01.01 23:34:17 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.01.01 23:34:17 | 00,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.01.01 23:34:17 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.01.01 23:34:16 | 03,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.01.01 23:34:16 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.01.01 23:34:15 | 03,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.01.01 23:34:15 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.01.01 23:34:14 | 03,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.01.01 23:34:14 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.01.01 23:34:13 | 03,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.01.01 23:34:13 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.01.01 23:34:10 | 03,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.01.01 23:34:10 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.01.01 23:34:08 | 03,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.01.01 23:34:08 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.01.01 23:13:00 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Local\CrashDumps
[2009.12.30 19:34:36 | 00,450,608 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symtdiv.sys
[2009.12.30 19:34:36 | 00,219,184 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA64.sys
[2009.12.30 19:34:35 | 00,504,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.sys
[2009.12.30 19:34:35 | 00,433,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS64.sys
[2009.12.30 19:34:35 | 00,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.sys
[2009.12.30 19:34:34 | 00,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\cchpx64.sys
[2009.12.30 19:34:34 | 00,146,992 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Ironx64.sys
[2009.12.30 19:34:21 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1101000.013
[2009.12.30 13:38:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2009.12.30 13:34:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\1256332214
[2009.12.30 13:30:33 | 00,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2009.12.30 13:30:30 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2009.12.30 13:30:30 | 00,000,000 | ---D | C] -- C:\Programme\Symantec
[2009.12.30 13:30:11 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2009.12.30 13:30:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2009.12.30 13:30:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009.12.30 13:29:33 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009.12.30 13:29:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2009.12.29 21:12:05 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Malwarebytes
[2009.12.29 21:12:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.29 21:12:00 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.29 21:12:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009.12.29 21:12:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.21 23:14:05 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Local\Winterberg-Modifkation_fü
[2009.12.20 15:46:23 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Trillian
[2009.12.10 00:24:59 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009.12.10 00:24:59 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.12.05 20:07:59 | 00,000,000 | ---D | C] -- C:\Users\CMan\Kitserver2010

========== Files - Modified Within 30 Days ==========

[2010.01.04 16:23:43 | 01,835,008 | -HS- | M] () -- C:\Users\CMan\ntuser.dat
[2010.01.04 15:35:34 | 01,057,868 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Cat.DB
[2010.01.04 14:42:55 | 00,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.04 14:42:55 | 00,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.04 14:39:58 | 01,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.01.04 14:39:58 | 00,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.01.04 14:39:58 | 00,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.01.04 14:39:58 | 00,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.01.04 14:39:58 | 00,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.01.04 14:35:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.04 14:35:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.04 14:35:38 | 21,462,95807 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.04 14:34:38 | 01,801,302 | ---- | M] () -- C:\Users\CMan\Desktop\Unbenannt.png
[2010.01.04 14:34:28 | 02,040,221 | -H-- | M] () -- C:\Users\CMan\AppData\Local\IconCache.db
[2010.01.02 23:30:39 | 00,045,720 | ---- | M] () -- C:\Users\CMan\Desktop\n1339923639_156252_9906.jpg
[2010.01.01 23:33:39 | 00,000,779 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2009.12.31 11:31:37 | 00,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009.12.30 13:34:06 | 00,001,077 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009.12.30 13:30:30 | 00,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2009.12.30 13:30:30 | 00,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2009.12.30 13:30:30 | 00,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2009.12.29 21:12:04 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.29 01:46:51 | 00,002,658 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009.12.29 01:46:51 | 00,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2009.12.29 01:46:11 | 00,003,260 | ---- | M] () -- C:\Users\CMan\Desktop\Windows-Kompatibilitätsbericht.htm
[2009.12.28 17:38:39 | 01,233,115 | ---- | M] () -- C:\Users\CMan\Desktop\7450_image_19.jpg
[2009.12.22 19:40:02 | 04,178,616 | ---- | M] () -- C:\Users\CMan\Desktop\MOV00195.MP4
[2009.12.21 23:14:05 | 00,000,036 | ---- | M] () -- C:\updater.guid
[2009.12.20 15:48:34 | 00,000,714 | ---- | M] () -- C:\Users\CMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2009.12.20 15:46:23 | 00,000,796 | ---- | M] () -- C:\Users\CMan\Desktop\Trillian.lnk
[2009.12.17 18:34:29 | 00,000,654 | ---- | M] () -- C:\Users\CMan\Documents\party.rtf
[2009.12.11 17:13:19 | 00,000,167 | ---- | M] () -- C:\Users\CMan\udownload.dat
[2009.12.07 20:40:15 | 00,074,880 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2010.01.04 14:34:38 | 01,801,302 | ---- | C] () -- C:\Users\CMan\Desktop\Unbenannt.png
[2010.01.02 23:30:39 | 00,045,720 | ---- | C] () -- C:\Users\CMan\Desktop\n1339923639_156252_9906.jpg
[2010.01.01 23:33:39 | 00,000,779 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2009.12.31 11:31:17 | 01,057,868 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Cat.DB
[2009.12.30 19:34:36 | 00,007,774 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symnetv64.cat
[2009.12.30 19:34:36 | 00,007,399 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA64.cat
[2009.12.30 19:34:36 | 00,007,355 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symnet64.cat
[2009.12.30 19:34:36 | 00,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA.inf
[2009.12.30 19:34:36 | 00,001,474 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymNetV.inf
[2009.12.30 19:34:36 | 00,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymNet.inf
[2009.12.30 19:34:35 | 00,007,465 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS64.cat
[2009.12.30 19:34:35 | 00,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.cat
[2009.12.30 19:34:35 | 00,007,401 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.cat
[2009.12.30 19:34:35 | 00,002,793 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS.inf
[2009.12.30 19:34:35 | 00,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.inf
[2009.12.30 19:34:35 | 00,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.inf
[2009.12.30 19:34:34 | 00,007,388 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\iron.cat
[2009.12.30 19:34:34 | 00,007,345 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\cchpx64.cat
[2009.12.30 19:34:34 | 00,001,840 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\ccHPx64.inf
[2009.12.30 19:34:34 | 00,000,773 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Iron.inf
[2009.12.30 19:34:21 | 00,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\isolate.ini
[2009.12.30 13:30:33 | 00,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2009.12.30 13:30:33 | 00,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2009.12.30 13:30:23 | 00,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009.12.29 21:12:04 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.29 01:46:11 | 00,003,260 | ---- | C] () -- C:\Users\CMan\Desktop\Windows-Kompatibilitätsbericht.htm
[2009.12.29 01:42:57 | 00,002,658 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009.12.29 01:42:57 | 00,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2009.12.28 20:00:32 | 02,969,395 | ---- | C] () -- C:\Users\CMan\Desktop\DSC_0052.JPG
[2009.12.28 17:38:39 | 01,233,115 | ---- | C] () -- C:\Users\CMan\Desktop\7450_image_19.jpg
[2009.12.22 22:01:02 | 04,178,616 | ---- | C] () -- C:\Users\CMan\Desktop\MOV00195.MP4
[2009.12.21 23:14:05 | 00,000,036 | ---- | C] () -- C:\updater.guid
[2009.12.20 15:48:34 | 00,000,714 | ---- | C] () -- C:\Users\CMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2009.12.20 15:46:23 | 00,000,796 | ---- | C] () -- C:\Users\CMan\Desktop\Trillian.lnk
[2009.12.17 18:34:29 | 00,000,654 | ---- | C] () -- C:\Users\CMan\Documents\party.rtf
[2009.12.11 22:02:06 | 00,910,791 | ---- | C] () -- C:\Users\CMan\Desktop\DSCN1855.JPG
[2009.11.17 00:44:58 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.10.25 15:28:39 | 00,054,404 | ---- | C] () -- C:\Windows\SysWow64\sndspeed.dll
[2009.10.25 15:28:38 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2009.10.24 07:49:02 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.16 10:08:36 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 15:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 15:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.05.16 01:14:50 | 00,000,963 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2007.02.05 19:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
< End of report >

-----------------------------------------------------------------------
OTL Extras logfile created on: 04.01.2010 16:21:33 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 209,00 Gb Total Space | 126,33 Gb Free Space | 60,44% Space Free | Partition Type: NTFS
Drive D: | 197,28 Gb Total Space | 197,14 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 499,90 Gb Total Space | 427,72 Gb Free Space | 85,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTOPHER
Current User Name: CMan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
"z3ta+_x64_is1" = rgc:audio z3ta+ 1.5 (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07CC448E-4FFC-444F-999D-10F11AE559FB}" = aerosoft's - Mallorca X for FSX
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{126B6545-C321-4C22-A8C1-F59065A5E344}" = aerosoft's - FDC Live Cockpit
"{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X
"{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26405538-F6B6-4EDC-8C58-6D291ADA2D38}" = PMDG_BAe_JS4100_3M
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{31AECBEB-BE18-4342-B8AA-DD18F2BAC5B5}" = aerosoft's - German Airports 2-Cologne-Bonn X
"{3B6F6E35-900C-4FE3-B2F6-067443353CD1}" = aerosoft's - Mega Airport Stockholm Arlanda X
"{3DAD565E-1275-4EE8-9568-932CB7B75FB8}" = aerosoft's - German Airports 3 - Berlin-Tegel X
"{417FC1D9-A946-4638-B02C-FD9AE0E96E95}" = Aerosoft's - German Airfields 3
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{74F493A2-1264-4BF2-A135-0184C68BD580}" = aerosoft's - Venice X
"{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A298A7A7-3BD2-42EE-B48C-12C97A9BBF08}" = aerosoft's - German Airports 2 - Dortmund X
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A80712C1-A6E6-423E-A3E2-5C75408EF149}" = aerosoft's - German Airports 2-Muenster-Osnabrueck X
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X
"{B56D25A0-1316-4255-AB45-1147C9D01C5E}" = Aerosoft's - MonacoX
"{C1F98ADD-81BF-45E1-A36B-515CA20B61AF}" = aerosoft's - German Airports 3 - Bremen X
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4E22434-1BCE-4C91-A1E4-FC352DFD4B3B}" = aerosoft's - Mega Airport Frankfurt - FS2004
"{D4FB2856-E6EB-4864-A241-4587ED21A11B}" = aerosoft's - Brussels 2007
"{DAA73076-84A5-4141-A630-79380E48C9D0}" = aerosoft's - Mega Airport Lisbon X
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}" = aerosoft's - German Airports 3 - Hamburg X
"{F293A032-EB67-4ADC-8646-F1AA7F9E0143}" = Aerosoft's - Luxembourg Airports
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F6096C02-08BB-42A2-8683-C24703D4B370}" = PMDG_BAe_JS4100_4Z
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{FB647DBE-2231-405D-AC36-C73246CBE305}" = PMDG BAe JS4100
"{FCAC5DCE-DECB-4AA4-AA64-13827EA81B2A}" = aerosoft's - German Airports 3 - Luebeck X
"{FCD605A8-4D9D-4FA8-B9EF-043399C84DBA}" = aerosoft's - Pro Flight Emulator Deluxe
"A2A Wings of Silver B377 Stratocruiser" = A2A Wings of Silver B377 Stratocruiser
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Algebrus_is1" = Algebrus 3.1
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cinergy XS Series" = Cinergy XS Series V5.09.0304.00a
"ClearProg" = ClearProg 1.6.0 Final
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"FL Studio 9" = FL Studio 9
"FS Global 2008 for FSX" = FS Global 2008 for FSX
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"IL Download Manager" = IL Download Manager
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marxio Timer_is1" = Marxio Timer 1.11
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.5
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PoiZone" = PoiZone
"PokerStars" = PokerStars
"reFX Nexus Demo_is1" = reFX Nexus Demo
"rgc:audio z3ta+ VSTi_is1" = rgc:audio z3ta+ VSTi v1.4 DEMO
"Sawer" = Sawer
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"Steam App 10" = Counter-Strike
"TmNationsForever_is1" = TmNationsForever
"Toxic Biohazard" = Toxic Biohazard
"Trillian" = Trillian

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Airline Pack E-190 FS9/FSX (version 1.1)" = Airline Pack E-190 FS9/FSX (version 1.1)
"E-Jets Series (FSX)" = E-Jets Series (FSX)
"FsxAdventures EasyJet Missions Vol 1. v1.0" = FsxAdventures EasyJet Missions Vol 1. v1.0
"FsxAdventures KLM Missions v1.00" = FsxAdventures KLM Missions v1.00
"Lotus Simulations L-39" = Lotus Simulations L-39
"QIP 2005" = QIP 2005 8095
"Ultimate Terrain X - Europe" = Ultimate Terrain X - Europe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.12.2009 16:02:24 | Computer Name = christopher | Source = VSS | ID = 8194
Description =

Error - 13.12.2009 12:28:25 | Computer Name = christopher | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3593 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9d4 Startzeit:
01ca7bf6b66a794a Endzeit: 23 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
4e852a73-e804-11de-bf1b-00241d821b88

Error - 19.12.2009 21:10:09 | Computer Name = christopher | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61472.0, Zeitstempel:
0x475e17d3 Name des fehlerhaften Moduls: sound.dll, Version: 10.0.61472.0, Zeitstempel:
0x475e180f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001572b ID des fehlerhaften Prozesses:
0xebc Startzeit der fehlerhaften Anwendung: 0x01ca8110f5e9d40a Pfad der fehlerhaften
Anwendung: E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe
Pfad
des fehlerhaften Moduls: E:\Program Files (x86)\Microsoft Games\Microsoft Flight
Simulator X\sound.dll Berichtskennung: 6a4ad582-ed04-11de-824f-00241d821b88

Error - 21.12.2009 19:16:38 | Computer Name = christopher | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 4.0.0.119,
Zeitstempel: 0x4af33150 Name des fehlerhaften Moduls: toolkit.dll, Version: 4.0.0.119,
Zeitstempel: 0x4af3313e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001cb22 ID des fehlerhaften
Prozesses: 0x8ac Startzeit der fehlerhaften Anwendung: 0x01ca82410a2d158e Pfad der
fehlerhaften Anwendung: E:\Program Files (x86)\Trillian\trillian.exe Pfad des fehlerhaften
Moduls: E:\Program Files (x86)\Trillian\toolkit.dll Berichtskennung: e34ee05e-ee86-11de-a5f1-00241d821b88

Error - 28.12.2009 15:59:57 | Computer Name = christopher | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3622,
Zeitstempel: 0x4b16159b Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
Zeitstempel: 0x4b15ef62 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009cd8 ID des fehlerhaften
Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0x01ca87d981e2b8d7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\MOZCRT19.dll Berichtskennung:
9234c08b-f3eb-11de-8be7-00241d821b88

Error - 28.12.2009 19:38:23 | Computer Name = christopher | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 4.0.0.119,
Zeitstempel: 0x4af33150 Name des fehlerhaften Moduls: toolkit.dll, Version: 4.0.0.119,
Zeitstempel: 0x4af3313e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001cb22 ID des fehlerhaften
Prozesses: 0x9cc Startzeit der fehlerhaften Anwendung: 0x01ca87ed5bc13e15 Pfad der
fehlerhaften Anwendung: E:\Program Files (x86)\Trillian\trillian.exe Pfad des fehlerhaften
Moduls: E:\Program Files (x86)\Trillian\toolkit.dll Berichtskennung: 15e96031-f40a-11de-8be7-00241d821b88

Error - 01.01.2010 18:07:42 | Computer Name = christopher | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pes2010.exe, Version: 1.0.0.0, Zeitstempel:
0x4aa0787f Name des fehlerhaften Moduls: pes2010.exe, Version: 1.0.0.0, Zeitstempel:
0x4aa0787f Ausnahmecode: 0xc0000005 Fehleroffset: 0x007cb130 ID des fehlerhaften Prozesses:
0x12a0 Startzeit der fehlerhaften Anwendung: 0x01ca8b2c9a33bef8 Pfad der fehlerhaften
Anwendung: E:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2010\pes2010.exe Pfad
des fehlerhaften Moduls: E:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2010\pes2010.exe
Berichtskennung:
14b1465c-f722-11de-b330-00241d821b88

Error - 03.01.2010 16:58:22 | Computer Name = christopher | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7600.16415 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: da4 Startzeit: 01ca8cb770a68bff Endzeit: 6 Anwendungspfad: C:\Program
Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: b510dd9e-f8aa-11de-b311-00241d821b88


Error - 03.01.2010 17:24:53 | Computer Name = christopher | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3622,
Zeitstempel: 0x4b16159b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x13e8 Startzeit der fehlerhaften Anwendung: 0x01ca8cb3b6fa4d15 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6e17b25b-f8ae-11de-b311-00241d821b88

Error - 04.01.2010 09:33:01 | Computer Name = christopher | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3622,
Zeitstempel: 0x4b16159b Name des fehlerhaften Moduls: NPSWF32.dll, Version: 10.0.32.18,
Zeitstempel: 0x4a613f8d Ausnahmecode: 0x40000015 Fehleroffset: 0x0004f391 ID des fehlerhaften
Prozesses: 0x7bc Startzeit der fehlerhaften Anwendung: 0x01ca8d27963cbaf9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Berichtskennung:
ad5cb1be-f935-11de-8c53-00241d821b88

[ System Events ]
Error - 31.12.2009 14:48:03 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 01.01.2010 21:20:51 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 02.01.2010 13:06:10 | Computer Name = christopher | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 02.01.2010 15:05:44 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 02.01.2010 21:10:46 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 03.01.2010 16:05:13 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 03.01.2010 18:17:26 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 04.01.2010 02:36:50 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 04.01.2010 09:34:33 | Computer Name = christopher | Source = DCOM | ID = 10010
Description =

Error - 04.01.2010 09:34:55 | Computer Name = christopher | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32


< End of report >

Alt 05.01.2010, 12:21   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have one candidate:

Quote:
C:\Program Files (x86)\1256332214\CMan1256332214L.exe
Please upload it to Virustotal.com, have it analyzed (even if it has already been checked) and post the link to the results.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 05.01.2010, 12:27   #15
xfire10

http://www.virustotal.com/de/reanalisis.html?2fac5d004556f431cafbcf09340fe98f602ef1511fa36df3446580379dddc6a7-1262694339
