| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Icq Wurm"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.12.2009, 12:43
| #1 |
 |  "Icq Wurm" Hallo, ein bekanntes Problem, für welches ich zwar schon eine Anleitung zur Bekämpfung gefunden habe, allerdings ging dies nicht für Win 7. Problem: Unter meinem ICQ-Account werden Links an mind. sehr viele Kontakte gesendet ( sieht nach russischen Zeichen aus ). Ich habe in letzter Zeit sehr oft Anfragen von solchen mysteriösen Kontakten ( "Maren Geebert" ) etc bekommen, natürlich alle geblockt. Diese ANfragen kamen in Spitzenzeiten 2-3 mal die Stunde. Antivir-Check hat nichts ergeben. Frage : ist es nötig, das Betriebssystem komplett neu aufzusetzen? Wenn ja, dann auch mit dem Netbook, mit dem ich auch oft online war? Ist dann nicht aber auch gleich ein neuer ICQ - Account von nöten, imemrhin scheinen die ja mein PW gehabt zu haben ( bzw immernoch zu haben - ich habs gestern geändert ). Wäre für jegliche Hilfe dankbar. Betriebssystem : Win 7 64bit Messenger : QIP / Trillian. |
|
29.12.2009, 20:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | "Icq Wurm" Hallo und
__________________ Hinweis: Du nutzt ein 64-Bit-Windows. Viele Tools, die wir hier als Hilfsmittel zum Bereinigen einsetzen, sind mit nem 64-Bit-Windows nicht kompatibel - das macht eine Bereinigung schwerer als sie ohnehin schon ist. Bitte Malwarebytes ausführen und das Log posten, dann sehen wir weiter.
__________________ |
|
29.12.2009, 21:52
| #3 |
| | "Icq Wurm" Hallo, danke für die freundliche Aufnahme im Forum
__________________ Hier der Log : Malwarebytes' Anti-Malware 1.42 Datenbank Version: 3451 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 29.12.2009 21:50:28 mbam-log-2009-12-29 (21-50-22).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|) Durchsuchte Objekte: 349999 Laufzeit: 36 minute(s), 56 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\CMan\AppData\Local\Temp\wsonaecrxm.exe (Trojan.FakeAlert) -> No action taken. |
|
29.12.2009, 23:05
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Icq Wurm" Hast Du Dein Passwort schon von einer sauberen Maschine aus geändert für ICQ? Wie einfach oder kompliziert war es gestrickt? Hast Du Dich mit diesem ICQ-Konto auch an anderen Rechnern eingeloggt, Rechnern, die möglicherweise auch verseucht waren?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.12.2009, 23:13
| #5 |
| | "Icq Wurm" Also seitdem das Problem aufgetreten ist, habe ich mich nur auf meinem Haptrechner + Netbook ( ebenfalls Win7, 32bit ) eingeloggt. Zugegebenermaßen war das Passwort eher simpel als kompliziert. Ich kann das PW ja nochmal vom Netbook aus ändern. |
|
29.12.2009, 23:15
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Icq Wurm" Wieso ebenfalls 32 Bit? Ich dachte das hier: Zitat:
__________________ --> "Icq Wurm" |
|
29.12.2009, 23:17
| #7 |
| | "Icq Wurm" Sry schlecht ausgedrückt, ebenfalls win7, aber aufm netbook ist 32bit und aufm Hauptrechner die 64 bit version |
|
30.12.2009, 09:50
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Icq Wurm" Beobachte erstmal, ob das nach der Passwortänderung (ein deutlich komplizierteres PW bitte nehmen) immer noch auftritt. Wenn ja, ackerst Du die Liste für das 32-Bit-Netbook ab ( RSIT + CCleaner + Malwarebytes )
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2010, 20:24
| #9 |
| | "Icq Wurm" Problem besteht leider weiterhin, habe jetzt die Liste für mein Netbook abgearbeitet, außer RSIT, da bekomme ich immer eine Fehlermeldung bei der Installation. Malwarebytes hat nichts gefunden. |
|
04.01.2010, 12:44
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Icq Wurm" Dann statt RSIT bitte OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.01.2010, 13:14
| #11 |
| | "Icq Wurm" Hi, hier die 2 Logs: OTL logfile created on: 04.01.2010 13:05:41 - Run 1 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 37,10 Gb Total Space | 9,77 Gb Free Space | 26,33% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 1,88 Gb Free Space | 23,21% Space Free | Partition Type: FAT32 Drive E: | 29,30 Gb Total Space | 18,12 Gb Free Space | 61,85% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CMAN Current User Name: CMan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation) PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation) PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation) PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation) PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) ========== Modules (SafeList) ========== MOD - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 64 52 AE 1E 57 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.selectedEngine: "QIP Search" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.26 07:56:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.26 07:56:48 | 00,000,000 | ---D | M] [2009.10.27 17:03:27 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Extensions [2010.01.04 09:25:37 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Firefox\Profiles\h2gxcy6j.default\extensions [2009.10.27 20:04:10 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\CMan\AppData\Roaming\mozilla\Firefox\Profiles\h2gxcy6j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.10.27 19:28:00 | 00,002,061 | ---- | M] () -- C:\Users\CMan\AppData\Roaming\Mozilla\FireFox\Profiles\h2gxcy6j.default\searchplugins\qipsearch.xml [2009.12.03 22:01:34 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CMan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.02.08 10:48:36 | 00,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{70ffdfe6-c63f-11de-933a-001d92568a7a}\Shell - "" = AutoRun O33 - MountPoints2\{70ffdfe6-c63f-11de-933a-001d92568a7a}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{70ffdfec-c63f-11de-933a-001d92568a7a}\Shell - "" = AutoRun O33 - MountPoints2\{70ffdfec-c63f-11de-933a-001d92568a7a}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.01.02 19:15:39 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Malwarebytes [2010.01.02 19:15:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.01.02 19:15:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.01.02 19:15:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.01.02 19:15:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.01.02 19:07:07 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.01.02 19:03:40 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.01.02 19:03:39 | 00,000,000 | ---D | C] -- C:\rsit [2009.12.20 15:58:27 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Trillian [2009.12.20 15:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian [2009.12.10 12:01:56 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll ========== Files - Modified Within 30 Days ========== [2010.01.04 13:03:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.01.04 13:02:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.01.04 13:02:49 | 16,022,03648 | -HS- | M] () -- C:\hiberfil.sys [2010.01.04 10:31:55 | 01,048,576 | -HS- | M] () -- C:\Users\CMan\NTUSER.DAT [2010.01.04 10:22:06 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.01.04 10:22:06 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.01.02 23:24:20 | 03,009,231 | -H-- | M] () -- C:\Users\CMan\AppData\Local\IconCache.db [2010.01.02 19:15:35 | 00,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.01.02 19:12:45 | 00,000,454 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191219.reg [2010.01.02 19:12:10 | 00,000,766 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191206.reg [2010.01.02 19:11:51 | 00,001,266 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191147.reg [2010.01.02 19:11:31 | 00,017,272 | ---- | M] () -- C:\Users\CMan\Desktop\cc_20100102_191100.reg [2010.01.02 19:07:07 | 00,001,839 | ---- | M] () -- C:\Users\CMan\Desktop\CCleaner.lnk [2009.12.30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009.12.30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009.12.25 00:25:11 | 01,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009.12.25 00:25:11 | 00,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2009.12.25 00:25:11 | 00,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009.12.25 00:25:11 | 00,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2009.12.25 00:25:11 | 00,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009.12.20 15:58:06 | 00,001,057 | ---- | M] () -- C:\Users\CMan\Desktop\Trillian.lnk [2009.12.08 09:44:05 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2010.01.02 19:15:35 | 00,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.01.02 19:12:20 | 00,000,454 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191219.reg [2010.01.02 19:12:08 | 00,000,766 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191206.reg [2010.01.02 19:11:49 | 00,001,266 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191147.reg [2010.01.02 19:11:22 | 00,017,272 | ---- | C] () -- C:\Users\CMan\Desktop\cc_20100102_191100.reg [2010.01.02 19:07:07 | 00,001,839 | ---- | C] () -- C:\Users\CMan\Desktop\CCleaner.lnk [2009.12.20 15:58:06 | 00,001,057 | ---- | C] () -- C:\Users\CMan\Desktop\Trillian.lnk [2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll < End of report > ---------------------------------------------------------------------- OTL Extras logfile created on: 04.01.2010 13:05:41 - Run 1 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 37,10 Gb Total Space | 9,77 Gb Free Space | 26,33% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 1,88 Gb Free Space | 23,21% Space Free | Partition Type: FAT32 Drive E: | 29,30 Gb Total Space | 18,12 Gb Free Space | 61,85% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CMAN Current User Name: CMan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "Trillian" = Trillian "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP 2005" = QIP 2005 8095 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.12.2009 13:25:05 | Computer Name = CMan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften Prozesses: 0xb54 Startzeit der fehlerhaften Anwendung: 0x01ca743d86edb673 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: cb61f23d-e030-11de-8971-bbc002b10586 Error - 03.12.2009 13:25:12 | Computer Name = CMan | Source = VSS | ID = 8194 Description = Error - 03.12.2009 13:27:02 | Computer Name = CMan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften Prozesses: 0x46c Startzeit der fehlerhaften Anwendung: 0x01ca743dcc32b0c8 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: 116a6d66-e031-11de-8971-adb8e9bbdfab Error - 12.12.2009 15:04:28 | Computer Name = CMan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3593, Zeitstempel: 0x4aef8082 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002fc47 ID des fehlerhaften Prozesses: 0xaac Startzeit der fehlerhaften Anwendung: 0x01ca7b59333d6a82 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2b69c9ee-e751-11de-8931-b030a30efc83 Error - 16.12.2009 06:20:38 | Computer Name = CMan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften Prozesses: 0xb5c Startzeit der fehlerhaften Anwendung: 0x01ca7e39638f48dd Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: a72a8ea9-ea2c-11de-8a56-99e2fb008d83 Error - 16.12.2009 06:20:43 | Computer Name = CMan | Source = VSS | ID = 8194 Description = Error - 16.12.2009 18:59:08 | Computer Name = CMan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften Prozesses: 0x734 Startzeit der fehlerhaften Anwendung: 0x01ca7ea358c1a060 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: 9d7e93e3-ea96-11de-902c-b51279cecd87 Error - 16.12.2009 18:59:16 | Computer Name = CMan | Source = VSS | ID = 8194 Description = Error - 23.12.2009 08:18:01 | Computer Name = CMan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0x01ca83c9f104a7d5 Pfad der fehlerhaften Anwendung: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\setup.exe Pfad des fehlerhaften Moduls: C:\Medion\[06] WLAN\NE766\Win 7-32-64_ver.3.00.03.0000\Setup\ISSetup.dll Berichtskennung: 363ec6cd-efbd-11de-99a4-d13ab72f2f87 Error - 23.12.2009 08:18:09 | Computer Name = CMan | Source = VSS | ID = 8194 Description = [ System Events ] Error - 27.12.2009 06:56:08 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.12.2009 07:15:03 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.12.2009 07:17:19 | Computer Name = CMan | Source = WMPNetworkSvc | ID = 866300 Description = Error - 28.12.2009 08:53:24 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 01.01.2010 07:24:53 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 02.01.2010 14:00:19 | Computer Name = CMan | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error - 02.01.2010 14:00:55 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.01.2010 04:15:13 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.01.2010 05:14:55 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.01.2010 08:03:25 | Computer Name = CMan | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
|
04.01.2010, 14:49
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Icq Wurm" Ich seh da so keine Hinweise  Allerdings besteht das Problem ja anscheinend immer noch wenn ich Dich richtig verstehe. Wann werden Deine Freunde zugespammt von "Dir", ist Dein Rechner da immer an oder unabhängig davon, ob Dein Rechner on oder off ist? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.01.2010, 16:29
| #13 |
| | "Icq Wurm" Hallo, ich werde mal meine Kontakte dazu auffordern, mir bescheid zu geben wann genau diese Nachrichten eintreffen um das besser nachzuvollziehen. Ich habe OTL nochmal auf meinem Hauptrechner ausgeführt, keine Ahnung ob es was bringt aber hier die 2 Logs : OTL logfile created on: 04.01.2010 16:21:33 - Run 1 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 209,00 Gb Total Space | 126,33 Gb Free Space | 60,44% Space Free | Partition Type: NTFS Drive D: | 197,28 Gb Total Space | 197,14 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 499,90 Gb Total Space | 427,72 Gb Free Space | 85,56% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,32% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRISTOPHER Current User Name: CMan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - E:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) ========== Modules (SafeList) ========== MOD - C:\Users\CMan\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (Symantec Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (.1256332214) -- C:\Program Files (x86)\1256332214\CMan1256332214L.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 00,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 00,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS64.sys (Symantec Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\cchpx64.sys (Symantec Corporation) DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symtdiv.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Ironx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.sys (Symantec Corporation) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100103.020\EX64.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100103.020\ENG64.SYS (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys (Symantec Corporation) DRV - (CSC) -- C:\Windows\CSC [2009.10.23 21:54:24 | 00,000,000 | ---D | M] DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 4F 3B E5 C2 72 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files (x86)\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009.12.30 13:30:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009.12.30 13:30:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.12.16 18:30:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.12.16 18:30:39 | 00,000,000 | ---D | M] [2009.10.23 22:17:41 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Extensions [2009.10.24 07:42:30 | 00,000,000 | ---D | M] -- C:\Users\CMan\AppData\Roaming\mozilla\Firefox\Profiles\nqioewsm.default\extensions [2009.10.24 00:22:24 | 00,002,061 | ---- | M] () -- C:\Users\CMan\AppData\Roaming\Mozilla\FireFox\Profiles\nqioewsm.default\searchplugins\qipsearch.xml [2009.11.09 15:23:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (1077 bytes) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 mynortonaccount.conxion.com O1 - Hosts: 127.0.0.1 lcsitemain.conxion.com O1 - Hosts: 127.0.0.1 lc1alt.symantec.com O1 - Hosts: 127.0.0.1 lcsitemain.symantec.com O1 - Hosts: 127.0.0.1 www.mynortonaccount.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files (x86)\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) O4 - Startup: C:\Users\CMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = E:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1b274ff0-c016-11de-b476-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1b274ff0-c016-11de-b476-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{2d0a92d9-c018-11de-babd-00241d821b88}\Shell - "" = AutoRun O33 - MountPoints2\{2d0a92d9-c018-11de-babd-00241d821b88}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{2d0a92db-c018-11de-babd-00241d821b88}\Shell - "" = AutoRun O33 - MountPoints2\{2d0a92db-c018-11de-babd-00241d821b88}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{2f874cd0-c06a-11de-8b29-00241d821b88}\Shell - "" = AutoRun O33 - MountPoints2\{2f874cd0-c06a-11de-8b29-00241d821b88}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.01.01 23:34:53 | 00,000,000 | ---D | C] -- C:\ProgramData\TmForever [2010.01.01 23:34:31 | 00,000,000 | ---D | C] -- C:\Users\CMan\Documents\TmForever [2010.01.01 23:34:28 | 00,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2010.01.01 23:34:28 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2010.01.01 23:34:27 | 00,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2010.01.01 23:34:27 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2010.01.01 23:34:27 | 00,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2010.01.01 23:34:27 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2010.01.01 23:34:19 | 03,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2010.01.01 23:34:17 | 00,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2010.01.01 23:34:17 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2010.01.01 23:34:17 | 00,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2010.01.01 23:34:17 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2010.01.01 23:34:16 | 03,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2010.01.01 23:34:16 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2010.01.01 23:34:15 | 03,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2010.01.01 23:34:15 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2010.01.01 23:34:14 | 03,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2010.01.01 23:34:14 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2010.01.01 23:34:13 | 03,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2010.01.01 23:34:13 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2010.01.01 23:34:10 | 03,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2010.01.01 23:34:10 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2010.01.01 23:34:08 | 03,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2010.01.01 23:34:08 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2010.01.01 23:13:00 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Local\CrashDumps [2009.12.30 19:34:36 | 00,450,608 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symtdiv.sys [2009.12.30 19:34:36 | 00,219,184 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA64.sys [2009.12.30 19:34:35 | 00,504,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.sys [2009.12.30 19:34:35 | 00,433,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS64.sys [2009.12.30 19:34:35 | 00,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.sys [2009.12.30 19:34:34 | 00,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\cchpx64.sys [2009.12.30 19:34:34 | 00,146,992 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Ironx64.sys [2009.12.30 19:34:21 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1101000.013 [2009.12.30 13:38:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2009.12.30 13:34:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\1256332214 [2009.12.30 13:30:33 | 00,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2009.12.30 13:30:30 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2009.12.30 13:30:30 | 00,000,000 | ---D | C] -- C:\Programme\Symantec [2009.12.30 13:30:11 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2009.12.30 13:30:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2009.12.30 13:30:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton [2009.12.30 13:29:33 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2009.12.30 13:29:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2009.12.29 21:12:05 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Malwarebytes [2009.12.29 21:12:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009.12.29 21:12:00 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2009.12.29 21:12:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009.12.29 21:12:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.12.21 23:14:05 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Local\Winterberg-Modifkation_fü [2009.12.20 15:46:23 | 00,000,000 | ---D | C] -- C:\Users\CMan\AppData\Roaming\Trillian [2009.12.10 00:24:59 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2009.12.10 00:24:59 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009.12.05 20:07:59 | 00,000,000 | ---D | C] -- C:\Users\CMan\Kitserver2010 ========== Files - Modified Within 30 Days ========== [2010.01.04 16:23:43 | 01,835,008 | -HS- | M] () -- C:\Users\CMan\ntuser.dat [2010.01.04 15:35:34 | 01,057,868 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Cat.DB [2010.01.04 14:42:55 | 00,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.01.04 14:42:55 | 00,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.01.04 14:39:58 | 01,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.01.04 14:39:58 | 00,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.01.04 14:39:58 | 00,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.01.04 14:39:58 | 00,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.01.04 14:39:58 | 00,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.01.04 14:35:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.01.04 14:35:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.01.04 14:35:38 | 21,462,95807 | -HS- | M] () -- C:\hiberfil.sys [2010.01.04 14:34:38 | 01,801,302 | ---- | M] () -- C:\Users\CMan\Desktop\Unbenannt.png [2010.01.04 14:34:28 | 02,040,221 | -H-- | M] () -- C:\Users\CMan\AppData\Local\IconCache.db [2010.01.02 23:30:39 | 00,045,720 | ---- | M] () -- C:\Users\CMan\Desktop\n1339923639_156252_9906.jpg [2010.01.01 23:33:39 | 00,000,779 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2009.12.31 11:31:37 | 00,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2009.12.30 13:34:06 | 00,001,077 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2009.12.30 13:30:30 | 00,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2009.12.30 13:30:30 | 00,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2009.12.30 13:30:30 | 00,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2009.12.29 21:12:04 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.12.29 01:46:51 | 00,002,658 | ---- | M] () -- C:\Windows\diagwrn.xml [2009.12.29 01:46:51 | 00,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2009.12.29 01:46:11 | 00,003,260 | ---- | M] () -- C:\Users\CMan\Desktop\Windows-Kompatibilitätsbericht.htm [2009.12.28 17:38:39 | 01,233,115 | ---- | M] () -- C:\Users\CMan\Desktop\7450_image_19.jpg [2009.12.22 19:40:02 | 04,178,616 | ---- | M] () -- C:\Users\CMan\Desktop\MOV00195.MP4 [2009.12.21 23:14:05 | 00,000,036 | ---- | M] () -- C:\updater.guid [2009.12.20 15:48:34 | 00,000,714 | ---- | M] () -- C:\Users\CMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2009.12.20 15:46:23 | 00,000,796 | ---- | M] () -- C:\Users\CMan\Desktop\Trillian.lnk [2009.12.17 18:34:29 | 00,000,654 | ---- | M] () -- C:\Users\CMan\Documents\party.rtf [2009.12.11 17:13:19 | 00,000,167 | ---- | M] () -- C:\Users\CMan\udownload.dat [2009.12.07 20:40:15 | 00,074,880 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2010.01.04 14:34:38 | 01,801,302 | ---- | C] () -- C:\Users\CMan\Desktop\Unbenannt.png [2010.01.02 23:30:39 | 00,045,720 | ---- | C] () -- C:\Users\CMan\Desktop\n1339923639_156252_9906.jpg [2010.01.01 23:33:39 | 00,000,779 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2009.12.31 11:31:17 | 01,057,868 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Cat.DB [2009.12.30 19:34:36 | 00,007,774 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symnetv64.cat [2009.12.30 19:34:36 | 00,007,399 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA64.cat [2009.12.30 19:34:36 | 00,007,355 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\symnet64.cat [2009.12.30 19:34:36 | 00,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymEFA.inf [2009.12.30 19:34:36 | 00,001,474 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymNetV.inf [2009.12.30 19:34:36 | 00,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymNet.inf [2009.12.30 19:34:35 | 00,007,465 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS64.cat [2009.12.30 19:34:35 | 00,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.cat [2009.12.30 19:34:35 | 00,007,401 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.cat [2009.12.30 19:34:35 | 00,002,793 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\SymDS.inf [2009.12.30 19:34:35 | 00,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.inf [2009.12.30 19:34:35 | 00,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.inf [2009.12.30 19:34:34 | 00,007,388 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\iron.cat [2009.12.30 19:34:34 | 00,007,345 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\cchpx64.cat [2009.12.30 19:34:34 | 00,001,840 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\ccHPx64.inf [2009.12.30 19:34:34 | 00,000,773 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Iron.inf [2009.12.30 19:34:21 | 00,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\isolate.ini [2009.12.30 13:30:33 | 00,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2009.12.30 13:30:33 | 00,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2009.12.30 13:30:23 | 00,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2009.12.29 21:12:04 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.12.29 01:46:11 | 00,003,260 | ---- | C] () -- C:\Users\CMan\Desktop\Windows-Kompatibilitätsbericht.htm [2009.12.29 01:42:57 | 00,002,658 | ---- | C] () -- C:\Windows\diagwrn.xml [2009.12.29 01:42:57 | 00,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2009.12.28 20:00:32 | 02,969,395 | ---- | C] () -- C:\Users\CMan\Desktop\DSC_0052.JPG [2009.12.28 17:38:39 | 01,233,115 | ---- | C] () -- C:\Users\CMan\Desktop\7450_image_19.jpg [2009.12.22 22:01:02 | 04,178,616 | ---- | C] () -- C:\Users\CMan\Desktop\MOV00195.MP4 [2009.12.21 23:14:05 | 00,000,036 | ---- | C] () -- C:\updater.guid [2009.12.20 15:48:34 | 00,000,714 | ---- | C] () -- C:\Users\CMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2009.12.20 15:46:23 | 00,000,796 | ---- | C] () -- C:\Users\CMan\Desktop\Trillian.lnk [2009.12.17 18:34:29 | 00,000,654 | ---- | C] () -- C:\Users\CMan\Documents\party.rtf [2009.12.11 22:02:06 | 00,910,791 | ---- | C] () -- C:\Users\CMan\Desktop\DSCN1855.JPG [2009.11.17 00:44:58 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.10.25 15:28:39 | 00,054,404 | ---- | C] () -- C:\Windows\SysWow64\sndspeed.dll [2009.10.25 15:28:38 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll [2009.10.24 07:49:02 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.16 10:08:36 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.08.03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.29 15:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.05.29 15:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2008.05.16 01:14:50 | 00,000,963 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI [2007.02.05 19:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI < End of report > ----------------------------------------------------------------------- OTL Extras logfile created on: 04.01.2010 16:21:33 - Run 1 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\CMan\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 209,00 Gb Total Space | 126,33 Gb Free Space | 60,44% Space Free | Partition Type: NTFS Drive D: | 197,28 Gb Total Space | 197,14 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 499,90 Gb Total Space | 427,72 Gb Free Space | 85,56% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,32% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRISTOPHER Current User Name: CMan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR "z3ta+_x64_is1" = rgc:audio z3ta+ 1.5 (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07CC448E-4FFC-444F-999D-10F11AE559FB}" = aerosoft's - Mallorca X for FSX "{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X "{126B6545-C321-4C22-A8C1-F59065A5E344}" = aerosoft's - FDC Live Cockpit "{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X "{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26405538-F6B6-4EDC-8C58-6D291ADA2D38}" = PMDG_BAe_JS4100_3M "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X "{31AECBEB-BE18-4342-B8AA-DD18F2BAC5B5}" = aerosoft's - German Airports 2-Cologne-Bonn X "{3B6F6E35-900C-4FE3-B2F6-067443353CD1}" = aerosoft's - Mega Airport Stockholm Arlanda X "{3DAD565E-1275-4EE8-9568-932CB7B75FB8}" = aerosoft's - German Airports 3 - Berlin-Tegel X "{417FC1D9-A946-4638-B02C-FD9AE0E96E95}" = Aerosoft's - German Airfields 3 "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{74F493A2-1264-4BF2-A135-0184C68BD580}" = aerosoft's - Venice X "{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A298A7A7-3BD2-42EE-B48C-12C97A9BBF08}" = aerosoft's - German Airports 2 - Dortmund X "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A80712C1-A6E6-423E-A3E2-5C75408EF149}" = aerosoft's - German Airports 2-Muenster-Osnabrueck X "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X "{B56D25A0-1316-4255-AB45-1147C9D01C5E}" = Aerosoft's - MonacoX "{C1F98ADD-81BF-45E1-A36B-515CA20B61AF}" = aerosoft's - German Airports 3 - Bremen X "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D4E22434-1BCE-4C91-A1E4-FC352DFD4B3B}" = aerosoft's - Mega Airport Frankfurt - FS2004 "{D4FB2856-E6EB-4864-A241-4587ED21A11B}" = aerosoft's - Brussels 2007 "{DAA73076-84A5-4141-A630-79380E48C9D0}" = aerosoft's - Mega Airport Lisbon X "{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2 "{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}" = aerosoft's - German Airports 3 - Hamburg X "{F293A032-EB67-4ADC-8646-F1AA7F9E0143}" = Aerosoft's - Luxembourg Airports "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F6096C02-08BB-42A2-8683-C24703D4B370}" = PMDG_BAe_JS4100_4Z "{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC "{FB647DBE-2231-405D-AC36-C73246CBE305}" = PMDG BAe JS4100 "{FCAC5DCE-DECB-4AA4-AA64-13827EA81B2A}" = aerosoft's - German Airports 3 - Luebeck X "{FCD605A8-4D9D-4FA8-B9EF-043399C84DBA}" = aerosoft's - Pro Flight Emulator Deluxe "A2A Wings of Silver B377 Stratocruiser" = A2A Wings of Silver B377 Stratocruiser "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Algebrus_is1" = Algebrus 3.1 "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Cinergy XS Series" = Cinergy XS Series V5.09.0304.00a "ClearProg" = ClearProg 1.6.0 Final "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "FL Studio 9" = FL Studio 9 "FS Global 2008 for FSX" = FS Global 2008 for FSX "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "IL Download Manager" = IL Download Manager "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "JDownloader" = JDownloader "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marxio Timer_is1" = Marxio Timer 1.11 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.5 "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "NIS" = Norton Internet Security "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PoiZone" = PoiZone "PokerStars" = PokerStars "reFX Nexus Demo_is1" = reFX Nexus Demo "rgc:audio z3ta+ VSTi_is1" = rgc:audio z3ta+ VSTi v1.4 DEMO "Sawer" = Sawer "SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1 "Steam App 10" = Counter-Strike "TmNationsForever_is1" = TmNationsForever "Toxic Biohazard" = Toxic Biohazard "Trillian" = Trillian ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Airline Pack E-190 FS9/FSX (version 1.1)" = Airline Pack E-190 FS9/FSX (version 1.1) "E-Jets Series (FSX)" = E-Jets Series (FSX) "FsxAdventures EasyJet Missions Vol 1. v1.0" = FsxAdventures EasyJet Missions Vol 1. v1.0 "FsxAdventures KLM Missions v1.00" = FsxAdventures KLM Missions v1.00 "Lotus Simulations L-39" = Lotus Simulations L-39 "QIP 2005" = QIP 2005 8095 "Ultimate Terrain X - Europe" = Ultimate Terrain X - Europe ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.12.2009 16:02:24 | Computer Name = christopher | Source = VSS | ID = 8194 Description = Error - 13.12.2009 12:28:25 | Computer Name = christopher | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3593 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9d4 Startzeit: 01ca7bf6b66a794a Endzeit: 23 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 4e852a73-e804-11de-bf1b-00241d821b88 Error - 19.12.2009 21:10:09 | Computer Name = christopher | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61472.0, Zeitstempel: 0x475e17d3 Name des fehlerhaften Moduls: sound.dll, Version: 10.0.61472.0, Zeitstempel: 0x475e180f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001572b ID des fehlerhaften Prozesses: 0xebc Startzeit der fehlerhaften Anwendung: 0x01ca8110f5e9d40a Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Pfad des fehlerhaften Moduls: E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\sound.dll Berichtskennung: 6a4ad582-ed04-11de-824f-00241d821b88 Error - 21.12.2009 19:16:38 | Computer Name = christopher | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 4.0.0.119, Zeitstempel: 0x4af33150 Name des fehlerhaften Moduls: toolkit.dll, Version: 4.0.0.119, Zeitstempel: 0x4af3313e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001cb22 ID des fehlerhaften Prozesses: 0x8ac Startzeit der fehlerhaften Anwendung: 0x01ca82410a2d158e Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\Trillian\trillian.exe Pfad des fehlerhaften Moduls: E:\Program Files (x86)\Trillian\toolkit.dll Berichtskennung: e34ee05e-ee86-11de-a5f1-00241d821b88 Error - 28.12.2009 15:59:57 | Computer Name = christopher | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3622, Zeitstempel: 0x4b16159b Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0, Zeitstempel: 0x4b15ef62 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009cd8 ID des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0x01ca87d981e2b8d7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\MOZCRT19.dll Berichtskennung: 9234c08b-f3eb-11de-8be7-00241d821b88 Error - 28.12.2009 19:38:23 | Computer Name = christopher | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 4.0.0.119, Zeitstempel: 0x4af33150 Name des fehlerhaften Moduls: toolkit.dll, Version: 4.0.0.119, Zeitstempel: 0x4af3313e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001cb22 ID des fehlerhaften Prozesses: 0x9cc Startzeit der fehlerhaften Anwendung: 0x01ca87ed5bc13e15 Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\Trillian\trillian.exe Pfad des fehlerhaften Moduls: E:\Program Files (x86)\Trillian\toolkit.dll Berichtskennung: 15e96031-f40a-11de-8be7-00241d821b88 Error - 01.01.2010 18:07:42 | Computer Name = christopher | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: pes2010.exe, Version: 1.0.0.0, Zeitstempel: 0x4aa0787f Name des fehlerhaften Moduls: pes2010.exe, Version: 1.0.0.0, Zeitstempel: 0x4aa0787f Ausnahmecode: 0xc0000005 Fehleroffset: 0x007cb130 ID des fehlerhaften Prozesses: 0x12a0 Startzeit der fehlerhaften Anwendung: 0x01ca8b2c9a33bef8 Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2010\pes2010.exe Pfad des fehlerhaften Moduls: E:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2010\pes2010.exe Berichtskennung: 14b1465c-f722-11de-b330-00241d821b88 Error - 03.01.2010 16:58:22 | Computer Name = christopher | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7600.16415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: da4 Startzeit: 01ca8cb770a68bff Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: b510dd9e-f8aa-11de-b311-00241d821b88 Error - 03.01.2010 17:24:53 | Computer Name = christopher | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3622, Zeitstempel: 0x4b16159b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x13e8 Startzeit der fehlerhaften Anwendung: 0x01ca8cb3b6fa4d15 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6e17b25b-f8ae-11de-b311-00241d821b88 Error - 04.01.2010 09:33:01 | Computer Name = christopher | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3622, Zeitstempel: 0x4b16159b Name des fehlerhaften Moduls: NPSWF32.dll, Version: 10.0.32.18, Zeitstempel: 0x4a613f8d Ausnahmecode: 0x40000015 Fehleroffset: 0x0004f391 ID des fehlerhaften Prozesses: 0x7bc Startzeit der fehlerhaften Anwendung: 0x01ca8d27963cbaf9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Berichtskennung: ad5cb1be-f935-11de-8c53-00241d821b88 [ System Events ] Error - 31.12.2009 14:48:03 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 01.01.2010 21:20:51 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 02.01.2010 13:06:10 | Computer Name = christopher | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 02.01.2010 15:05:44 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 02.01.2010 21:10:46 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 03.01.2010 16:05:13 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 03.01.2010 18:17:26 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 04.01.2010 02:36:50 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 04.01.2010 09:34:33 | Computer Name = christopher | Source = DCOM | ID = 10010 Description = Error - 04.01.2010 09:34:55 | Computer Name = christopher | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 < End of report > |
|
05.01.2010, 13:21
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Icq Wurm" Ein Kandidaten hätte ich: Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.01.2010, 13:27
| #15 |
| | "Icq Wurm" http://www.virustotal.com/de/reanalisis.html?2fac5d004556f431cafbcf09340fe98f602ef1511fa36df3446580379dddc6a7-1262694339 |
|
| Themen zu "Icq Wurm" |
| anfrage, anleitung, betriebssystem, frage, fragen, gesendet, geändert, icq, immernoch, komplett, links, natürlich, neu, neuer, nichts, nötig, online, problem, schei, trillian, win, wurm, zeichen, zeiten |
