Trojaner-Board


monije 05.03.2011 16:47

Removing Antimalware Doctor
 
I have picked up Antimalware Doctor.
After reading around here a bit, I have already done the following:
Ran Malwarebytes' Anti-Malware and deleted files with it.
System scan with OTL

OTL.Txt
OTL Logfile:
Code:

OTL logfile created on: 3/5/2011 12:36:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = D:\mama
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 217.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.90 Gb Total Space | 14.28 Gb Free Space | 28.05% Space Free | Partition Type: NTFS
Drive D: | 83.05 Gb Total Space | 41.59 Gb Free Space | 50.07% Space Free | Partition Type: NTFS
 
Computer Name: CHANTI-PC | User Name: mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\mama\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - D:\mama\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com"
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar&search="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 22:06:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/28 22:06:12 | 000,000,000 | ---D | M]
 
[2010/08/22 19:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mama\AppData\Roaming\mozilla\Extensions
[2011/03/04 21:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mama\AppData\Roaming\mozilla\Firefox\Profiles\vj8wy9od.default\extensions
[2011/02/26 16:21:22 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Toolbar) -- C:\Users\mama\AppData\Roaming\mozilla\Firefox\Profiles\vj8wy9od.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/02/25 16:16:49 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Users\mama\AppData\Roaming\mozilla\Firefox\Profiles\vj8wy9od.default\extensions\firefox@facebook.com
[2011/02/26 16:17:21 | 000,002,153 | ---- | M] () -- C:\Users\mama\AppData\Roaming\Mozilla\Firefox\Profiles\vj8wy9od.default\searchplugins\MyStart Search.xml
[2010/03/27 19:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 22:35:37 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/11/13 22:35:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/11/13 22:35:37 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/08/17 16:33:48 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/11/13 22:35:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/11/13 22:35:37 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Pregohunir] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c32017f-43ee-11e0-82a9-002454154cd8}\Shell - "" = AutoRun
O33 - MountPoints2\{0c32017f-43ee-11e0-82a9-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{455239c7-4c88-11df-893b-002454154cd8}\Shell - "" = AutoRun
O33 - MountPoints2\{455239c7-4c88-11df-893b-002454154cd8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{648b13da-6a45-11df-b81d-002454154cd8}\Shell - "" = AutoRun
O33 - MountPoints2\{648b13da-6a45-11df-b81d-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{7a54c69b-4311-11e0-82b1-002454154cd8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a54c69b-4311-11e0-82b1-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{7a54c6ae-4311-11e0-82b1-002454154cd8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a54c6ae-4311-11e0-82b1-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - ac3filter.acm ()
Drivers32: msacm.avis - ff_acm.acm ()
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll ()
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - xvidvfw.dll ()
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/04 23:22:10 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\Malwarebytes
[2011/03/04 23:21:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/03/04 23:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 23:21:45 | 000,371,544 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/03/04 23:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/04 23:21:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/03/04 23:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 22:55:46 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\63B3A43B305985D9502EF76268F0DE84
[2011/03/03 22:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/03/03 22:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/03/02 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\Alien Skin
[2011/03/01 16:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alien Skin
[2011/03/01 11:41:49 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\Conduit
[2011/03/01 08:29:42 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\Programs
[2011/03/01 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\Vodafone
[2011/03/01 08:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2011/03/01 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\{DA6A30CA-2668-4F5F-93A5-9BDA19E3CCC4}
[2011/02/26 16:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2011/02/26 16:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/02/26 16:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2011/02/26 16:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/02/26 16:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_2
[2011/02/24 22:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Native
[2011/02/24 22:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual
[2011/02/24 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2011/02/24 21:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/02/24 13:27:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/02/23 22:23:24 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\Adobe
[2011/02/10 16:00:08 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/02/10 15:59:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/02/10 15:59:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/02/10 15:59:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/02/10 15:59:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/02/10 15:59:28 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/02/10 15:59:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/02/10 15:59:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/02/10 15:59:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/02/10 15:59:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/02/10 15:59:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/02/10 15:59:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/02/10 15:59:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/02/10 15:59:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/02/10 15:59:20 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/02/10 15:59:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/02/10 15:59:11 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/02/10 15:59:10 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/03/05 12:51:33 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/05 12:33:10 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 12:33:10 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 12:23:26 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/05 12:21:33 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/03/05 12:20:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/05 12:20:50 | 797,728,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 01:11:23 | 000,000,952 | -HS- | M] () -- C:\windows\System32\KGyGaAvL.sys
[2011/03/04 23:21:51 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 23:21:44 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/03/04 09:51:43 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/03/04 09:51:43 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/04 09:51:43 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/03/04 09:51:43 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/01 08:27:17 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2011/02/26 16:19:29 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011/02/26 16:19:28 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Beschleunigen Sie Ihren Computer!.lnk
[2011/02/25 21:44:53 | 000,302,408 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/02/24 21:50:12 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011/02/23 22:26:59 | 000,000,619 | ---- | M] () -- C:\Users\mama\Desktop\mama - Verknüpfung.lnk
[2011/02/23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/02/23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/02/23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/02/23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/02/23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/02/23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/02/23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2011/02/13 21:58:47 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/03/04 23:21:51 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/01 14:53:17 | 000,016,384 | ---- | C] () -- C:\windows\System32\Ikeext.etl
[2011/03/01 08:27:17 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2011/02/26 16:19:28 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Beschleunigen Sie Ihren Computer!.lnk
[2011/02/24 21:50:12 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011/02/23 22:26:59 | 000,000,619 | ---- | C] () -- C:\Users\mama\Desktop\mama - Verknüpfung.lnk
[2011/02/13 21:58:47 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/05/22 22:20:58 | 000,000,038 | ---- | C] () -- C:\windows\dmi.ini
[2010/05/22 22:20:57 | 000,210,944 | ---- | C] () -- C:\windows\System32\MSVCRT10.DLL
[2010/03/24 02:45:50 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/03/24 02:16:01 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/23 22:16:36 | 000,000,952 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2010/03/23 22:13:33 | 000,456,008 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2010/03/23 20:56:41 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/03/23 20:56:40 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/03/23 20:56:40 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/03/23 20:56:40 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/02/21 04:48:22 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/08/28 02:15:52 | 000,643,866 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/08/28 02:15:52 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/08/28 02:15:52 | 000,126,394 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/08/28 02:15:52 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/08/27 09:39:44 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/08/27 09:38:29 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,302,408 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,607,190 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,103,568 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:09 | 001,332,736 | ---- | C] () -- C:\windows\System32\hpotiop1.dll
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat
[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat
[2008/03/07 15:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/03/07 12:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\windows\System32\PSIService.exe
 
========== LOP Check ==========
 
[2011/03/04 22:55:54 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\63B3A43B305985D9502EF76268F0DE84
[2011/03/02 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Alien Skin
[2011/03/01 08:27:45 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Vodafone
[2011/01/17 15:58:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/03/04 22:55:54 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\63B3A43B305985D9502EF76268F0DE84
[2011/03/04 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Adobe
[2011/03/02 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Alien Skin
[2011/03/05 01:11:47 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Corel
[2010/08/22 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Google
[2010/08/22 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Identities
[2010/08/22 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Macromedia
[2011/03/04 23:22:10 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Malwarebytes
[2011/03/01 08:32:45 | 000,000,000 | --SD | M] -- C:\Users\mama\AppData\Roaming\Microsoft
[2010/08/22 19:35:18 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Mozilla
[2011/03/01 08:27:45 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Vodafone
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\mama\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\mama\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\mama\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\mama\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX1\userinit.exe
 
< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6B50A605
 
< End of report >

--- --- ---


Extras.Txt
OTL Logfile:
Code:

OTL Extras logfile created on: 3/5/2011 12:36:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = D:\mama
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 217.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.90 Gb Total Space | 14.28 Gb Free Space | 28.05% Space Free | Partition Type: NTFS
Drive D: | 83.05 Gb Total Space | 41.59 Gb Free Space | 50.07% Space Free | Partition Type: NTFS
 
Computer Name: CHANTI-PC | User Name: mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0DCF2BB4-A124-4596-89F7-5670294E091B}" = Microsoft Office Activation Assistant for Netbooks
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91DE5A42-8D5E-42EB-BA32-A80682FA94D7}" = Samsung Support Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"conduitEngine" = Conduit Engine
"Exposure 2" = Alien Skin Exposure 2
"Filters Unlimited_is1" = Filters Unlimited 2.0.3
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Jigsaw World 1.00" = Jigsaw World 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoScape" = PhotoScape
"PLAY ONLINE" = PLAY ONLINE
"Snap Art" = Alien Skin Snap Art
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/1/2011 3:55:12 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227
Description =
 
Error - 3/1/2011 7:17:02 AM | Computer Name = chanti-PC | Source = Application Hang | ID = 1002
Description = Programm IncMail.exe, Version 6.2.6.4878 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1224 Startzeit:
01cbd7fb5896c38d Endzeit: 4072 Anwendungspfad: C:\Program Files\IncrediMail\Bin\IncMail.exe
 
Berichts-ID:
5517dd62-43f5-11e0-82a9-002454154cd8
 
Error - 3/1/2011 9:48:26 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227
Description =
 
Error - 3/1/2011 9:52:23 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227
Description =
 
Error - 3/1/2011 9:52:51 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227
Description =
 
Error - 3/1/2011 9:54:19 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227
Description =
 
Error - 3/1/2011 9:58:08 AM | Computer Name = chanti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ImApp.exe, Version: 6.2.6.4878, Zeitstempel:
0x4d45558f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xfffa2848 ID des fehlerhaften Prozesses:
0x290 Startzeit der fehlerhaften Anwendung: 0x01cbd8181dbca63a Pfad der fehlerhaften
Anwendung: C:\Program Files\IncrediMail\Bin\ImApp.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: efbb46da-440b-11e0-83d3-002454154cd8
 
Error - 3/1/2011 9:58:30 AM | Computer Name = chanti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ImApp.exe, Version: 6.2.6.4878, Zeitstempel:
0x4d45558f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0x290 Startzeit der fehlerhaften Anwendung: 0x01cbd8181dbca63a Pfad der
fehlerhaften Anwendung: C:\Program Files\IncrediMail\Bin\ImApp.exe Pfad des fehlerhaften
Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: fcbca13a-440b-11e0-83d3-002454154cd8
 
Error - 3/2/2011 7:50:24 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227
Description =
 
Error - 3/2/2011 4:22:36 PM | Computer Name = chanti-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 334 Startzeit: 01cbd9174a09a892 Endzeit: 140 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: c68a2730-450a-11e0-8a6a-002454154cd8
 
 
[ System Events ]
Error - 12/25/2010 7:06:58 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
 
Error - 12/25/2010 7:24:06 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
 
Error - 12/25/2010 10:37:02 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 12/25/2010 3:50:43 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 12/26/2010 1:05:15 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 12/26/2010 2:12:11 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 12/27/2010 10:10:44 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 12/27/2010 5:14:29 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
 
Error - 12/28/2010 7:12:51 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 12/28/2010 12:27:18 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
 
 
< End of report >

--- --- ---

...what else do I need to do to get rid of everything from Antimalware Doctor??

kira 06.03.2011 08:04

Hello and a warm welcome! :)

Before we start working together, [please read this completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vB code tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
Download HijackThis 2.0.4 *from here*
Start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting log file → "copy" → "paste" it here in your thread (right mouse button)

2.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work, you can undo this again!

3.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it by double-clicking
→ Select your operating system - for Win7 choose Vista
→ When asked, choose the option "Einstellung (1) - scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

4.
I would also like to see all your installed programs:
Download the tool Ccleaner
Download
install (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" is offered, deselect it) → start → if necessary, set "german" under Options settings
then click on "Extra" (to display the installed programs as well) → then on "Als Textdatei speichern..."
a text file (*.txt) is created; copy its contents and paste them here

5.
Have you already checked the computer for viruses? I would still like to see the following results:
Code:

Malwarebytes
Quote:

So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes in here - e.g. hjtscanlist or other
→ after it - i.e. at the end of the log file: [/code]

Regards
Coverflow

monije 06.03.2011 14:20

Thank you, then I'll get started doing everything the way you write it here....it's not exactly little.

monije 06.03.2011 15:22

...Man, I'm too stupid to copy the log file.
This is what it looks like for me at the end...but how do I copy it??
http://i77.photobucket.com/albums/j4...je2/Image2.jpg
I can't select it.

and I also get this message:
http://i77.photobucket.com/albums/j4...je2/Image1.jpg

....is it saved somewhere as a text document?
I can't find anything.

kira 07.03.2011 15:57

1.
Right-click HijackThis -> choose "Run as administrator"

2.
Click "Main Menu" → click "Do a system scan and save a logfile" → "select" the resulting log file → "copy" → "paste" it here in your thread (right mouse button)

monije 07.03.2011 19:24

I can't run it as administrator, no idea why.
It works with other programs but not with this one.

monije 07.03.2011 19:51

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:55, on 07.03.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel Paint Shop Pro Photo.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll
O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\windows\system32\PSIService.exe
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 8731 bytes


monije 07.03.2011 20:15

hjtscanlist.txt
Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  06.03.2011 16:13    C:\ProgramData --------- 12288 
  06.03.2011 15:04    C:\Program Files --------- 24576 
  06.03.2011 14:37    C:\System Volume Information --------- 8192 
  04.03.2011 23:21    C:\Windows --------- 28672 
  04.03.2011 23:13    C:\rkill.log --------- 248 
  12.01.2011 14:38    C:\output --------- 4096 
  05.12.2010 12:21    C:\$Recycle.Bin --------- 4096 
  05.12.2010 12:20    C:\Users --------- 4096 
  24.03.2010 02:21    C:\MSOCache --------- 0 
  24.03.2010 02:08    C:\Recovery --------- 0 
  27.08.2009 10:14    C:\setup.log --------- 190 
  27.08.2009 09:36    C:\RHDSetup.log --------- 1888 
  27.08.2009 09:34    C:\Intel --------- 0 
  14.07.2009 05:53    C:\Documents and Settings --------- 0 
  14.07.2009 03:37    C:\PerfLogs --------- 0 
  10.06.2009 22:42    C:\config.sys --------- 10 
  10.06.2009 22:42    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\windows

  07.03.2011 19:14    C:\windows\setupact.log --------- 3623 
  07.03.2011 19:14    C:\windows\bootstat.dat --------- 67584 
  07.03.2011 19:19    C:\windows\WindowsUpdate.log --------- 1298884 
  06.03.2011 11:38    C:\windows\PFRO.log --------- 1526 
  23.02.2011 16:04    C:\windows\avastSS.scr --------- 40648 
  13.11.2010 22:20    C:\windows\dmi.ini --------- 38 
  17.04.2010 01:45    C:\windows\WLXPGSS.SCR --------- 307056 
  24.03.2010 02:45    C:\windows\HotFixList.ini --------- 2 
      C:\windows\(öS ---------   
  31.10.2009 06:45    C:\windows\explorer.exe --------- 2614272 
  27.08.2009 10:11    C:\windows\Csup.txt --------- 10 
  27.08.2009 10:08    C:\windows\win.ini --------- 435 
  14.07.2009 05:41    C:\windows\WindowsShell.Manifest --------- 749 
  14.07.2009 05:39    C:\windows\setuperr.log --------- 0 
  14.07.2009 02:16    C:\windows\twain_32.dll --------- 51200 
  14.07.2009 02:14    C:\windows\write.exe --------- 9216 
  14.07.2009 02:14    C:\windows\winhlp32.exe --------- 9728 
  14.07.2009 02:14    C:\windows\twunk_32.exe --------- 31232 
  14.07.2009 02:14    C:\windows\regedit.exe --------- 398336 
  14.07.2009 02:14    C:\windows\notepad.exe --------- 179712 
  14.07.2009 02:14    C:\windows\hh.exe --------- 15360 
  14.07.2009 02:14    C:\windows\HelpPane.exe --------- 497152 
  14.07.2009 02:14    C:\windows\fveupdate.exe --------- 13824 
  14.07.2009 02:14    C:\windows\bfsvc.exe --------- 65024 
  13.07.2009 23:58    C:\windows\mib.bin --------- 43131 
  24.06.2009 19:43    C:\windows\RtlExUpd.dll --------- 831488 
  10.06.2009 22:46    C:\windows\system.ini --------- 219 
  10.06.2009 22:42    C:\windows\_default.pif --------- 707 
  10.06.2009 22:42    C:\windows\winhelp.exe --------- 256192 
  10.06.2009 22:41    C:\windows\twunk_16.exe --------- 49680 
  10.06.2009 22:41    C:\windows\twain.dll --------- 94784 
  10.06.2009 22:34    C:\windows\WMSysPr9.prx --------- 316640 
  10.06.2009 22:19    C:\windows\msdfmap.ini --------- 1405 
  10.06.2009 22:14    C:\windows\Starter.xml --------- 48201 
  02.02.2009 19:26    C:\windows\SkyDrive.ico --------- 419750 
  05.02.2007 19:05    C:\windows\AviSplitter.INI --------- 38 
  29.10.1998 15:45    C:\windows\IsUninst.exe --------- 306688 
----------------------------------------

 
C:\windows\System

 13.07.2009 22:41      C:\windows\System\OLESVR.DLL --------- 24064
 13.07.2009 22:41      C:\windows\System\WFWNET.DRV --------- 12704
 13.07.2009 22:41      C:\windows\System\COMMDLG.DLL --------- 32816
 13.07.2009 22:41      C:\windows\System\TIMER.DRV --------- 4048
 13.07.2009 22:41      C:\windows\System\MMSYSTEM.DLL --------- 68992
 13.07.2009 22:41      C:\windows\System\mmtask.tsk --------- 1152
 13.07.2009 22:41      C:\windows\System\mouse.drv --------- 2032
 13.07.2009 22:41      C:\windows\System\vga.drv --------- 2176
 13.07.2009 22:41      C:\windows\System\sound.drv --------- 1744
 13.07.2009 22:41      C:\windows\System\keyboard.drv --------- 2000
 13.07.2009 22:41      C:\windows\System\SHELL.DLL --------- 5120
 13.07.2009 22:41      C:\windows\System\system.drv --------- 3360
 10.06.2009 22:42      C:\windows\System\ver.dll --------- 9008
 10.06.2009 22:42      C:\windows\System\olecli.dll --------- 82944
 10.06.2009 22:42      C:\windows\System\lzexpand.dll --------- 9936
 10.06.2009 22:25      C:\windows\System\stdole.tlb --------- 5532
 10.06.2009 22:21      C:\windows\System\msvideo.dll --------- 126912
 10.06.2009 22:21      C:\windows\System\mciwave.drv --------- 28160
 10.06.2009 22:21      C:\windows\System\mciseq.drv --------- 25264
 10.06.2009 22:21      C:\windows\System\mciavi.drv --------- 73376
 10.06.2009 22:21      C:\windows\System\avifile.dll --------- 109456
 10.06.2009 22:21      C:\windows\System\avicap.dll --------- 69584
----------------------------------------

 
C:\windows\System32

 07.03.2011 19:58    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 10272 
 07.03.2011 19:58    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 10272 
 07.03.2011 19:25    C:\windows\system32\config --------- 24576 
 07.03.2011 19:25    C:\windows\system32\KGyGaAvL.sys --------- 952 
 07.03.2011 19:17    C:\windows\system32\DriverStore --------- 4096 
 07.03.2011 19:14    C:\windows\system32\Ikeext.etl --------- 16384 
 06.03.2011 15:36    C:\windows\system32\perfh009.dat --------- 607190 
 06.03.2011 15:36    C:\windows\system32\perfc009.dat --------- 103568 
 06.03.2011 15:36    C:\windows\system32\perfh007.dat --------- 643866 
 06.03.2011 15:36    C:\windows\system32\perfc007.dat --------- 126394 
 06.03.2011 15:36    C:\windows\system32\PerfStringBackup.INI --------- 1472002 
 06.03.2011 11:38    C:\windows\system32\drivers --------- 65536 
 05.03.2011 21:25    C:\windows\system32\Tasks --------- 8192 
 04.03.2011 23:21    C:\windows\system32\config.nt --------- 2577 
 01.03.2011 11:42    C:\windows\system32\ConduitEngine.tmp --------- 0 
 01.03.2011 08:55    C:\windows\system32\NDF --------- 0 
 01.03.2011 08:34    C:\windows\system32\catroot --------- 4096 
 25.02.2011 21:44    C:\windows\system32\FNTCACHE.DAT --------- 302408 
 23.02.2011 22:53    C:\windows\system32\catroot2 --------- 12288 
 23.02.2011 16:04    C:\windows\system32\aswBoot.exe --------- 190016 
 11.02.2011 07:06    C:\windows\system32\migration --------- 0 
 11.02.2011 06:42    C:\windows\system32\MRT.exe --------- 37443528 
 02.02.2011 17:11    C:\windows\system32\MpSigStub.exe --------- 222080 
 07.01.2011 08:27    C:\windows\system32\atmlib.dll --------- 34304 
 07.01.2011 06:33    C:\windows\system32\atmfd.dll --------- 294400 
 05.01.2011 06:37    C:\windows\system32\vbscript.dll --------- 428032 
 05.01.2011 06:34    C:\windows\system32\jscript.dll --------- 716800 
 05.01.2011 04:37    C:\windows\system32\win32k.sys --------- 2329088 
 18.12.2010 11:24    C:\windows\system32\de-DE --------- 262144 
 18.12.2010 06:32    C:\windows\system32\wininet.dll --------- 981504 
 18.12.2010 06:32    C:\windows\system32\urlmon.dll --------- 1228288 
 18.12.2010 06:30    C:\windows\system32\mstime.dll --------- 606208 
 18.12.2010 06:30    C:\windows\system32\mshtmled.dll --------- 67072 
 18.12.2010 06:30    C:\windows\system32\mshtml.dll --------- 5980672 
 18.12.2010 06:30    C:\windows\system32\msfeedsbs.dll --------- 64512 
 18.12.2010 06:30    C:\windows\system32\msfeeds.dll --------- 599040 
 18.12.2010 06:29    C:\windows\system32\licmgr10.dll --------- 44544 
 18.12.2010 06:29    C:\windows\system32\kerberos.dll --------- 541184 
 18.12.2010 06:29    C:\windows\system32\jsproxy.dll --------- 48128 
 18.12.2010 06:29    C:\windows\system32\ieui.dll --------- 176640 
 18.12.2010 06:29    C:\windows\system32\iertutil.dll --------- 2063360 
 18.12.2010 06:29    C:\windows\system32\iepeers.dll --------- 185856 
 18.12.2010 06:29    C:\windows\system32\ieframe.dll --------- 10989056 
 18.12.2010 06:29    C:\windows\system32\iedkcs32.dll --------- 381440 
 18.12.2010 06:26    C:\windows\system32\msfeedssync.exe --------- 12800 
 18.12.2010 05:20    C:\windows\system32\html.iec --------- 386048 
 18.12.2010 04:47    C:\windows\system32\mshtml.tlb --------- 1638912 
 14.12.2010 23:14    C:\windows\system32\ipcoin801.dll --------- 504672 
 02.11.2010 05:41    C:\windows\system32\wmicmiplugin.dll --------- 351232 
 02.11.2010 05:40    C:\windows\system32\taskschd.dll --------- 496128 
 02.11.2010 05:40    C:\windows\system32\taskcomp.dll --------- 305152 
 02.11.2010 05:39    C:\windows\system32\schedsvc.dll --------- 749056 
 02.11.2010 05:34    C:\windows\system32\taskeng.exe --------- 192000 
 02.11.2010 05:34    C:\windows\system32\schtasks.exe --------- 179712 
 27.10.2010 05:43    C:\windows\system32\ntoskrnl.exe --------- 3901824 
 27.10.2010 05:43    C:\windows\system32\ntkrnlpa.exe --------- 3957120 
 27.10.2010 05:40    C:\windows\system32\ntdll.dll --------- 1289536 
 27.10.2010 05:32    C:\windows\system32\tzres.dll --------- 2048 
 16.10.2010 05:41    C:\windows\system32\consent.exe --------- 101760 
 16.10.2010 05:36    C:\windows\system32\webio.dll --------- 314368 
 16.10.2010 05:34    C:\windows\system32\odbc32.dll --------- 573440 
 01.09.2010 05:29    C:\windows\system32\wmp.dll --------- 11406848 
 01.09.2010 05:23    C:\windows\system32\wmploc.DLL --------- 12625408 
 31.08.2010 05:32    C:\windows\system32\mfc40u.dll --------- 954288 
 31.08.2010 05:32    C:\windows\system32\mfc40.dll --------- 954752 
 27.08.2010 06:46    C:\windows\system32\srvsvc.dll --------- 168448 
 26.08.2010 05:39    C:\windows\system32\t2embed.dll --------- 109056 
 21.08.2010 06:36    C:\windows\system32\wmpmde.dll --------- 738816 
 21.08.2010 06:36    C:\windows\system32\schannel.dll --------- 224256 
 21.08.2010 06:33    C:\windows\system32\comctl32.dll --------- 530432 
 21.08.2010 06:32    C:\windows\system32\spoolsv.exe --------- 316928 
 14.08.2010 11:32    C:\windows\system32\x64 --------- 0 
 10.08.2010 04:15    C:\windows\system32\QuickTime.qts --------- 69632 
 10.08.2010 04:15    C:\windows\system32\QuickTimeVR.qtx --------- 94208 
 04.08.2010 17:06    C:\windows\system32\TVWSetup.exe --------- 8198680 
 04.08.2010 17:06    C:\windows\system32\igfxtray.exe --------- 141848 
 04.08.2010 17:06    C:\windows\system32\igfxsrvc.exe --------- 252952 
 04.08.2010 17:06    C:\windows\system32\igfxpers.exe --------- 150552 
 04.08.2010 17:06    C:\windows\system32\igfxext.exe --------- 173080 
 04.08.2010 17:06    C:\windows\system32\igfxcfg.exe --------- 672792 
 04.08.2010 17:06    C:\windows\system32\hkcmd.exe --------- 173592 
 04.08.2010 17:06    C:\windows\system32\igxpun.exe --------- 1006104 
 03.08.2010 09:42    C:\windows\system32\wdi --------- 4096 
 29.07.2010 07:30    C:\windows\system32\ir32_32.dll --------- 197632 
 29.07.2010 07:30    C:\windows\system32\iccvid.dll --------- 82944 
 27.07.2010 15:03    C:\windows\system32\shell32.dll --------- 12867584 
 13.07.2010 15:30    C:\windows\system32\iglhxs32.vp --------- 39308 
 13.07.2010 14:36    C:\windows\system32\igfxCoIn_v2176.dll --------- 155648 
 13.07.2010 14:23    C:\windows\system32\igdumd32.dll --------- 3829760 
 13.07.2010 14:03    C:\windows\system32\ig4dev32.dll --------- 2686976 
 13.07.2010 14:03    C:\windows\system32\ig4icd32.dll --------- 4104192 
 13.07.2010 13:56    C:\windows\system32\igfxrtha.lrc --------- 262656 
 13.07.2010 13:56    C:\windows\system32\igfxrtrk.lrc --------- 279040 
 13.07.2010 13:56    C:\windows\system32\igfxrsve.lrc --------- 282624 
 13.07.2010 13:56    C:\windows\system32\igfxrslv.lrc --------- 277504 
 13.07.2010 13:56    C:\windows\system32\igfxrrus.lrc --------- 291328 
 13.07.2010 13:56    C:\windows\system32\igfxrptb.lrc --------- 289280 
 13.07.2010 13:56    C:\windows\system32\igfxrptg.lrc --------- 294912 
 13.07.2010 13:56    C:\windows\system32\igfxrplk.lrc --------- 287744 
 13.07.2010 13:56    C:\windows\system32\igfxrsky.lrc --------- 282624 
----------------------------------------

 
C:\windows\Prefetch

----------------------------------------

 
C:\windows\Tasks

 07.03.2011 19:45    C:\windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096 
 07.03.2011 19:15    C:\windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092 
 07.03.2011 19:15    C:\windows\Tasks\RegistryBooster.job --------- 330 
 07.03.2011 19:14    C:\windows\Tasks\SA.DAT --------- 6 
 17.01.2011 15:58    C:\windows\Tasks\SCHEDLGU.TXT --------- 32640 
----------------------------------------

 
C:\windows\Temp

----------------------------------------

 
C:\Users\mama\AppData\Local\Temp

 07.03.2011 20:12    C:\Users\mama\AppData\Local\Temp\IM --------- 98304 
 07.03.2011 20:05    C:\Users\mama\AppData\Local\Temp\_avast_ --------- 0 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\sqlite_TJ62cguD9KliaRt --------- 1024 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG5106.tmp --------- 3095 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG50D6.tmp --------- 3679 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3F1A.tmp --------- 1465 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3F09.tmp --------- 2517 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3ED9.tmp --------- 1717 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3EC9.tmp --------- 1279 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3EB8.tmp --------- 1392 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3EA8.tmp --------- 925 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3E97.tmp --------- 694 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\BCG3B5B.tmp --------- 38303 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\  Tempor„re Dateien --------- 0 
 07.03.2011 19:25    C:\Users\mama\AppData\Local\Temp\PCULog3.txt --------- 1324 
 07.03.2011 19:16    C:\Users\mama\AppData\Local\Temp\~DF7F442218CDA4B4B0.TMP --------- 312320 
 07.03.2011 19:16    C:\Users\mama\AppData\Local\Temp\JET35DE.tmp --------- 0 
 07.03.2011 19:16    C:\Users\mama\AppData\Local\Temp\WPDNSE --------- 0 
 07.03.2011 15:50    C:\Users\mama\AppData\Local\Temp\mama.bmp --------- 31832 
 07.03.2011 15:16    C:\Users\mama\AppData\Local\Temp\{584D3233-E504-434A-9649-F491889445FF} --------- 0 
 07.03.2011 14:13    C:\Users\mama\AppData\Local\Temp\~DF9344146EDDBA435E.TMP --------- 312320 
 07.03.2011 02:04    C:\Users\mama\AppData\Local\Temp\PCULog2.txt --------- 1382 
 07.03.2011 00:21    C:\Users\mama\AppData\Local\Temp\Twain001.Mtx --------- 3 
 07.03.2011 00:17    C:\Users\mama\AppData\Local\Temp\PCULog1.txt --------- 1382 
 06.03.2011 21:12    C:\Users\mama\AppData\Local\Temp\~DF7D00AAB15AC3816C.TMP --------- 312320 
 06.03.2011 16:39    C:\Users\mama\AppData\Local\Temp\PCULog0.txt --------- 17337 
 06.03.2011 16:13    C:\Users\mama\AppData\Local\Temp\amt.log --------- 27882 
 06.03.2011 16:13    C:\Users\mama\AppData\Local\Temp\csxs-PHSP.log --------- 1644 
 06.03.2011 15:55    C:\Users\mama\AppData\Local\Temp\TWAIN.LOG --------- 695 
 06.03.2011 15:55    C:\Users\mama\AppData\Local\Temp\Twunk001.MTX --------- 156 
 06.03.2011 15:26    C:\Users\mama\AppData\Local\Temp\{FD078A56-226A-40A4-B689-1D4D75093791} --------- 0 
 06.03.2011 14:08    C:\Users\mama\AppData\Local\Temp\~DF64E715FB58DC99EA.TMP --------- 312320 
 05.03.2011 21:24    C:\Users\mama\AppData\Local\Temp\mia8E8A.tmp --------- 0 
 05.03.2011 20:36    C:\Users\mama\AppData\Local\Temp\{4ADAE07B-987C-43A0-866C-8A23BED87E1A} --------- 0 
 05.03.2011 20:06    C:\Users\mama\AppData\Local\Temp\Low --------- 0 
 05.03.2011 20:04    C:\Users\mama\AppData\Local\Temp\StructuredQuery.log --------- 1023 
 05.03.2011 19:36    C:\Users\mama\AppData\Local\Temp\~DF2C6AA8082A79CA3C.TMP --------- 312320 
 05.03.2011 16:13    C:\Users\mama\AppData\Local\Temp\UserInfoSetup(20110305161305DB8).log --------- 3843 
 05.03.2011 16:13    C:\Users\mama\AppData\Local\Temp\SetupExe(20110305161255DB8).log --------- 3457 
 05.03.2011 16:09    C:\Users\mama\AppData\Local\Temp\msohtmlclip1 --------- 0 
 05.03.2011 15:56    C:\Users\mama\AppData\Local\Temp\UserInfoSetup(2011030515560811DC).log --------- 3836 
 05.03.2011 15:55    C:\Users\mama\AppData\Local\Temp\SetupExe(2011030515555211DC).log --------- 3458 
 05.03.2011 12:57    C:\Users\mama\AppData\Local\Temp\plugtmp-4 --------- 0 
 05.03.2011 12:51    C:\Users\mama\AppData\Local\Temp\chrome_installer.log --------- 0 
 05.03.2011 12:25    C:\Users\mama\AppData\Local\Temp\~DF7F0AB017F384E7B4.TMP --------- 312320 
 05.03.2011 01:27    C:\Users\mama\AppData\Local\Temp\plugtmp-3 --------- 0 
 05.03.2011 00:52    C:\Users\mama\AppData\Local\Temp\{3B6BD726-7968-4C3C-B952-40BDA2CA72C9} --------- 0 
 04.03.2011 23:49    C:\Users\mama\AppData\Local\Temp\~DF42B671798AFDE39D.TMP --------- 312320 
 04.03.2011 23:44    C:\Users\mama\AppData\Local\Temp\hsperfdata_mama --------- 0 
 04.03.2011 23:26    C:\Users\mama\AppData\Local\Temp\~DF626A2FF95FF2032C.TMP --------- 81920 
 04.03.2011 23:19    C:\Users\mama\AppData\Local\Temp\plugtmp-2 --------- 0 
 04.03.2011 23:14    C:\Users\mama\AppData\Local\Temp\rkill.log --------- 2865 
 04.03.2011 23:14    C:\Users\mama\AppData\Local\Temp\RarSFX1 --------- 0 
 04.03.2011 23:14    C:\Users\mama\AppData\Local\Temp\rks1.log --------- 2803 
 04.03.2011 23:13    C:\Users\mama\AppData\Local\Temp\RarSFX0 --------- 0 
 04.03.2011 23:02    C:\Users\mama\AppData\Local\Temp\{ae977d1f-cd7f-45b2-9106-bb887f20cb15} --------- 0 
 04.03.2011 22:56    C:\Users\mama\AppData\Local\Temp\10D.tmp --------- 0 
 04.03.2011 22:55    C:\Users\mama\AppData\Local\Temp\A5F2.tmp --------- 0 
 04.03.2011 22:55    C:\Users\mama\AppData\Local\Temp\A5D3.tmp --------- 0 
 04.03.2011 22:55    C:\Users\mama\AppData\Local\Temp\A594.tmp --------- 122880 
 04.03.2011 22:55    C:\Users\mama\AppData\Local\Temp\A5F2.exe --------- 122880 
 04.03.2011 22:55    C:\Users\mama\AppData\Local\Temp\F0D8.tmp --------- 122880 
 04.03.2011 22:55    C:\Users\mama\AppData\Local\Temp\A49A.tmp --------- 122880 
 04.03.2011 22:55    C:\Users\mama\AppData\Local\Temp\A5D3.exe --------- 122880 
 04.03.2011 22:27    C:\Users\mama\AppData\Local\Temp\{BD5688F8-200C-455A-A2D1-C6409D930386} --------- 0 
 04.03.2011 21:22    C:\Users\mama\AppData\Local\Temp\~DF253C2C0786027786.TMP --------- 312320 
 04.03.2011 20:40    C:\Users\mama\AppData\Local\Temp\~DF0C73FBF32F5AE19F.TMP --------- 312320 
 04.03.2011 13:17    C:\Users\mama\AppData\Local\Temp\{E19C9D2F-D326-4B72-A19E-16669E283877} --------- 0 
 04.03.2011 12:15    C:\Users\mama\AppData\Local\Temp\~DF433204C03D90AD41.TMP --------- 312320 
 04.03.2011 09:57    C:\Users\mama\AppData\Local\Temp\{A039EC12-EF94-4159-8E48-8E41538F4AF5} --------- 0 
 04.03.2011 09:46    C:\Users\mama\AppData\Local\Temp\~DF5EFC23FA8858A6EA.TMP --------- 312320 
 03.03.2011 22:28    C:\Users\mama\AppData\Local\Temp\{A50E0697-577F-4F62-948B-3DFD395DD562} --------- 0 
 03.03.2011 21:33    C:\Users\mama\AppData\Local\Temp\~DFCBB9BEF33F04804C.TMP --------- 312320 
 03.03.2011 17:55    C:\Users\mama\AppData\Local\Temp\{B8AEF6C3-F929-4E72-883C-EF44AA3061F7} --------- 0 
 03.03.2011 17:52    C:\Users\mama\AppData\Local\Temp\~DF8D638DBA5C6ADD3D.TMP --------- 312320 
 02.03.2011 18:25    C:\Users\mama\AppData\Local\Temp\UserInfoSetup(201103021825048F0).log --------- 3833 
 02.03.2011 18:24    C:\Users\mama\AppData\Local\Temp\SetupExe(201103021824508F0).log --------- 3451 
 02.03.2011 18:23    C:\Users\mama\AppData\Local\Temp\~DF2ECC75B3B700CE2B.TMP --------- 312320 
 02.03.2011 18:23    C:\Users\mama\AppData\Local\Temp\Cookies --------- 0 
 02.03.2011 15:54    C:\Users\mama\AppData\Local\Temp\UserInfoSetup(20110302155417F24).log --------- 3834 
 02.03.2011 15:54    C:\Users\mama\AppData\Local\Temp\SetupExe(20110302155414F24).log --------- 3454 
 02.03.2011 15:51    C:\Users\mama\AppData\Local\Temp\2922101.od --------- 134 
 02.03.2011 15:51    C:\Users\mama\AppData\Local\Temp\CVR9665.tmp.cvr --------- 0 
 02.03.2011 15:49    C:\Users\mama\AppData\Local\Temp\2826784.od --------- 134 
 02.03.2011 15:49    C:\Users\mama\AppData\Local\Temp\CVR2220.tmp.cvr --------- 0 
 02.03.2011 15:44    C:\Users\mama\AppData\Local\Temp\msohtmlclip --------- 0 
 02.03.2011 15:27    C:\Users\mama\AppData\Local\Temp\UserInfoSetup(2011030215274046C).log --------- 3834 
 02.03.2011 15:27    C:\Users\mama\AppData\Local\Temp\SetupExe(2011030215273246C).log --------- 3454 
 02.03.2011 15:04    C:\Users\mama\AppData\Local\Temp\srv618.tmp --------- 0 
 02.03.2011 15:03    C:\Users\mama\AppData\Local\Temp\~DFDD22BAEA447A5085.TMP --------- 312320 
 02.03.2011 12:54    C:\Users\mama\AppData\Local\Temp\plugtmp-1 --------- 0 
 02.03.2011 12:30    C:\Users\mama\AppData\Local\Temp\{9DF3D734-D472-4E53-9624-FAC9DDA9CEAF} --------- 0 
 02.03.2011 11:10    C:\Users\mama\AppData\Local\Temp\~DF987A5474F8B455EF.TMP --------- 312320 
 02.03.2011 09:34    C:\Users\mama\AppData\Local\Temp\{0320677C-9733-4411-8EAF-D1A366658043} --------- 0 
 02.03.2011 09:06    C:\Users\mama\AppData\Local\Temp\~DF96536FEB271A7B13.TMP --------- 312320 
 02.03.2011 08:52    C:\Users\mama\AppData\Local\Temp\~DF7793EF7618A009DB.TMP --------- 312320 
 01.03.2011 14:59    C:\Users\mama\AppData\Local\Temp\{100DADB4-4D55-4FAC-9A05-0C9846C5BAA4} --------- 0 
 01.03.2011 14:55    C:\Users\mama\AppData\Local\Temp\srvF324.tmp --------- 0 
 01.03.2011 14:47    C:\Users\mama\AppData\Local\Temp\~DF4E7D7260990DFE3D.TMP --------- 312320 
 01.03.2011 13:21    C:\Users\mama\AppData\Local\Temp\wmplog00.sqm --------- 1606 
 01.03.2011 12:14    C:\Users\mama\AppData\Local\Temp\wmsetup.log --------- 6066 
 01.03.2011 11:41    C:\Users\mama\AppData\Local\Temp\nsg4605.tmp --------- 0 
 01.03.2011 11:29    C:\Users\mama\AppData\Local\Temp\E220AutoRunLog.tmp --------- 13565 
 01.03.2011 11:25    C:\Users\mama\AppData\Local\Temp\~DF2A6DC3149F66A9D9.TMP --------- 312320 
 01.03.2011 08:55    C:\Users\mama\AppData\Local\Temp\msdt --------- 0 
 01.03.2011 08:53    C:\Users\mama\AppData\Local\Temp\setup_vmc_lite.log --------- 1573 
 01.03.2011 08:34    C:\Users\mama\AppData\Local\Temp\MSI1a2a1.LOG --------- 432 
 01.03.2011 08:34    C:\Users\mama\AppData\Local\Temp\ServiceConfiguration.log --------- 60 
 01.03.2011 08:34    C:\Users\mama\AppData\Local\Temp\preinstlog.txt --------- 1219 
 01.03.2011 08:24    C:\Users\mama\AppData\Local\Temp\{C78C52B8-7680-4EC9-8A6D-8BEBFB9345F3} --------- 0 
 28.02.2011 09:06    C:\Users\mama\AppData\Local\Temp\~DFA3DA768EBF10306C.TMP --------- 312320 
 27.02.2011 21:49    C:\Users\mama\AppData\Local\Temp\UserInfoSetup(20110227214933AF4).log --------- 16555 
 27.02.2011 21:49    C:\Users\mama\AppData\Local\Temp\SetupExe(20110227214922AF4).log --------- 3454 
 27.02.2011 21:49    C:\Users\mama\AppData\Local\Temp\VBE --------- 0 
 27.02.2011 21:48    C:\Users\mama\AppData\Local\Temp\~DF18E97A543657F6C0.TMP --------- 312320 
 26.02.2011 21:15    C:\Users\mama\AppData\Local\Temp\{D5F673C1-C9DC-4332-BAE7-354E3CB2BE6D} --------- 0 
 26.02.2011 20:11    C:\Users\mama\AppData\Local\Temp\~DF33835D623EAB2A7B.TMP --------- 312320 
 26.02.2011 16:22    C:\Users\mama\AppData\Local\Temp\IMInstaller --------- 0 
 26.02.2011 16:17    C:\Users\mama\AppData\Local\Temp\IM_FECB.tmp --------- 0 
 26.02.2011 16:16    C:\Users\mama\AppData\Local\Temp\cookies.sqlite --------- 167936 
 26.02.2011 16:15    C:\Users\mama\AppData\Local\Temp\~DF781295E7C837C007.TMP --------- 312320 
 26.02.2011 16:15    C:\Users\mama\AppData\Local\Temp\MessengerCache --------- 0 
 26.02.2011 16:15    C:\Users\mama\AppData\Local\Temp\_avast5_ --------- 0 
 26.02.2011 00:59    C:\Users\mama\AppData\Local\Temp\MUI --------- 0 
 26.02.2011 00:59    C:\Users\mama\AppData\Local\Temp\{5AC2ACAF-0EC5-4873-A9A7-A8E5AE8F215F} --------- 0 
 26.02.2011 00:59    C:\Users\mama\AppData\Local\Temp\{CAC4E6CC-9FD7-4DE7-95A9-CE79337CBD39} --------- 0 
 25.02.2011 21:46    C:\Users\mama\AppData\Local\Temp\~DF2C4D2604F0BEF9DD.TMP --------- 312320 
 25.02.2011 17:07    C:\Users\mama\AppData\Local\Temp\plugtmp --------- 0 
 25.02.2011 15:43    C:\Users\mama\AppData\Local\Temp\{77D9D5C0-2429-4059-A96B-12878888F562} --------- 0 
 25.02.2011 03:00    C:\Users\mama\AppData\Local\Temp\{b93bae3c-79ba-4753-be88-64398579dd7b} --------- 0 
 24.02.2011 22:52    C:\Users\mama\AppData\Local\Temp\Twunk002.MTX --------- 0 
 24.02.2011 21:40    C:\Users\mama\AppData\Local\Temp\~DF763C228C70DFE142.TMP --------- 312320 
 24.02.2011 13:44    C:\Users\mama\AppData\Local\Temp\{A7DDF729-A82D-44C8-9026-9E213AAA2052} --------- 0 
 24.02.2011 13:27    C:\Users\mama\AppData\Local\Temp\5189.dir --------- 0 
 24.02.2011 13:27    C:\Users\mama\AppData\Local\Temp\5189.tmp --------- 0 
 24.02.2011 13:27    C:\Users\mama\AppData\Local\Temp\~DF9AC2858928094A99.TMP --------- 312320 
 23.02.2011 23:30    C:\Users\mama\AppData\Local\Temp\Google Toolbar --------- 0 
 23.02.2011 22:18    C:\Users\mama\AppData\Local\Temp\~DF398DE0BD4F188414.TMP --------- 312320 
 16.02.2011 16:19    C:\Users\mama\AppData\Local\Temp\nsg4605.tmp.ConduitEngineEmbbed.exe --------- 4445256 
 27.09.2010 13:29    C:\Users\mama\AppData\Local\Temp\IncrediMail_MediaBar_2.exe --------- 2466128 
 12.09.2010 15:03    C:\Users\mama\AppData\Local\Temp\GLFEDFE.tmp.ConduitEngineSetup.exe --------- 157536 
 26.08.2010 20:41    C:\Users\mama\AppData\Local\Temp\History --------- 0 
 26.08.2010 20:41    C:\Users\mama\AppData\Local\Temp\Temporary Internet Files --------- 0 
 22.08.2010 16:31    C:\Users\mama\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
 26.05.2010 10:37    C:\Users\mama\AppData\Local\Temp\Letter Creator.lnk --------- 2002 
 14.07.2009 02:14    C:\Users\mama\AppData\Local\Temp\samrxencow.exe --------- 47104 
 14.07.2009 02:14    C:\Users\mama\AppData\Local\Temp\err.log5653772 --------- 47104 
 22.07.2005 10:44    C:\Users\mama\AppData\Local\Temp\INST01.dll --------- 131072 
----------------------------------------

 
C:\Program Files

 06.03.2011 16:15    C:\Program Files\Mozilla Firefox --------- 28672 
 06.03.2011 16:13    C:\Program Files\Common Files --------- 4096 
 06.03.2011 14:38    C:\Program Files\Trend Micro --------- 0 
 05.03.2011 21:24    C:\Program Files\Uniblue --------- 0 
 04.03.2011 23:21    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 03.03.2011 22:20    C:\Program Files\7-Zip --------- 4096 
 01.03.2011 16:21    C:\Program Files\Alien Skin --------- 0 
 01.03.2011 11:52    C:\Program Files\IncrediMail_MediaBar_2 --------- 0 
 01.03.2011 11:42    C:\Program Files\ConduitEngine --------- 0 
 26.02.2011 16:21    C:\Program Files\Photo Notifier and Animation Creator --------- 0 
 26.02.2011 16:21    C:\Program Files\Conduit --------- 0 
 25.02.2011 03:00    C:\Program Files\Virtual --------- 0 
 24.02.2011 22:49    C:\Program Files\Native --------- 0 
 24.02.2011 21:49    C:\Program Files\Microsoft IntelliPoint --------- 8192 
 11.02.2011 07:06    C:\Program Files\Internet Explorer --------- 4096 
 24.01.2011 19:41    C:\Program Files\Windows Live --------- 4096 
 18.12.2010 11:25    C:\Program Files\Microsoft Silverlight --------- 0 
 18.12.2010 11:24    C:\Program Files\Windows Mail --------- 0 
 13.11.2010 22:51    C:\Program Files\Alwil Software --------- 0 
 13.11.2010 22:22    C:\Program Files\Samsung Casual Games --------- 4096 
 15.10.2010 18:44    C:\Program Files\Windows Media Player --------- 4096 
 27.08.2010 20:28    C:\Program Files\QuickTime --------- 4096 
 27.08.2010 20:23    C:\Program Files\Apple Software Update --------- 4096 
 27.08.2010 20:16    C:\Program Files\Samsung --------- 4096 
 27.08.2010 20:15    C:\Program Files\InstallShield Installation Information --------- 0 
 27.05.2010 22:10    C:\Program Files\Microsoft Works --------- 0 
 27.05.2010 16:51    C:\Program Files\Xenocode --------- 0 
 26.05.2010 10:36    C:\Program Files\IncrediMail --------- 0 
 25.05.2010 10:47    C:\Program Files\Vodafone --------- 0 
 22.05.2010 21:36    C:\Program Files\BigFishGames --------- 0 
 11.04.2010 20:42    C:\Program Files\Google --------- 4096 
 08.04.2010 20:48    C:\Program Files\PLAY ONLINE --------- 0 
 07.04.2010 16:24    C:\Program Files\Windows Sidebar --------- 4096 
 07.04.2010 16:24    C:\Program Files\DVD Maker --------- 0 
 07.04.2010 16:24    C:\Program Files\Windows Photo Viewer --------- 4096 
 07.04.2010 16:24    C:\Program Files\Windows Defender --------- 4096 
 28.03.2010 12:27    C:\Program Files\PhotoScape --------- 4096 
 27.03.2010 19:39    C:\Program Files\Java --------- 0 
 25.03.2010 13:30    C:\Program Files\MSXML 4.0 --------- 0 
 24.03.2010 02:48    C:\Program Files\CyberLink --------- 0 
 24.03.2010 02:38    C:\Program Files\Microsoft SQL Server Compact Edition --------- 0 
 24.03.2010 02:37    C:\Program Files\Windows Live SkyDrive --------- 0 
 24.03.2010 02:32    C:\Program Files\Microsoft Office Activation Assistant for Netbooks --------- 49152 
 24.03.2010 02:25    C:\Program Files\Microsoft Office --------- 4096 
 24.03.2010 02:24    C:\Program Files\Microsoft.NET --------- 0 
 24.03.2010 02:12    C:\Program Files\AnyPC Client --------- 0 
 24.03.2010 02:10    C:\Program Files\Adobe --------- 0 
 23.03.2010 22:13    C:\Program Files\Corel --------- 0 
 23.03.2010 22:09    C:\Program Files\Win7codecs --------- 0 
 23.03.2010 21:17    C:\Program Files\Atheros Client Installation Program --------- 0 
 23.03.2010 21:11    C:\Program Files\Microsoft Sync Framework --------- 0 
 23.03.2010 21:05    C:\Program Files\Microsoft --------- 0 
 27.08.2009 10:11    C:\Program Files\Phoenix Technologies Ltd --------- 0 
 27.08.2009 09:42    C:\Program Files\Synaptics --------- 0 
 27.08.2009 09:39    C:\Program Files\REALTEK Wireless LAN Software --------- 0 
 27.08.2009 09:38    C:\Program Files\Realtek --------- 0 
 27.08.2009 09:36    C:\Program Files\Temp --------- 0 
 27.08.2009 09:35    C:\Program Files\Intel --------- 0 
 14.07.2009 05:53    C:\Program Files\Uninstall Information --------- 0 
 14.07.2009 05:52    C:\Program Files\Windows Portable Devices --------- 0 
 14.07.2009 05:52    C:\Program Files\Microsoft Games --------- 0 
 14.07.2009 05:52    C:\Program Files\Windows NT --------- 0 
 14.07.2009 05:52    C:\Program Files\Reference Assemblies --------- 0 
 14.07.2009 05:52    C:\Program Files\MSBuild --------- 0 
 14.07.2009 05:41    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

mama   
Public   
chanti   
Jessy   
Default   
All Users   
Default User   
desktop.ini   
----------------------------------------

 
C:\windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            12 K
System                          4 Services                  0          892 K
smss.exe                      292 Services                  0          796 K
csrss.exe                      428 Services                  0        3.160 K
csrss.exe                      484 Console                    1        8.612 K
wininit.exe                    492 Services                  0        3.700 K
services.exe                  544 Services                  0        7.296 K
winlogon.exe                  568 Console                    1        4.972 K
lsass.exe                      588 Services                  0        8.512 K
lsm.exe                        608 Services                  0        3.268 K
svchost.exe                    704 Services                  0        7.212 K
svchost.exe                    804 Services                  0        6.320 K
svchost.exe                    900 Services                  0        14.856 K
svchost.exe                    952 Services                  0        34.556 K
svchost.exe                  1000 Services                  0        29.676 K
svchost.exe                  1128 Services                  0        11.292 K
svchost.exe                  1276 Services                  0        11.756 K
AvastSvc.exe                  1384 Services                  0        14.716 K
spoolsv.exe                  1768 Services                  0        9.128 K
svchost.exe                  1804 Services                  0        10.680 K
svchost.exe                  1952 Services                  0        7.508 K
OberonGameConsoleService.    2028 Services                  0        14.204 K
PSIService.exe                668 Services                  0        4.724 K
Rezip.exe                      720 Services                  0        5.092 K
SeaPort.exe                  1196 Services                  0        7.716 K
svchost.exe                  1324 Services                  0        4.764 K
VMCService.exe                1236 Services                  0        14.792 K
svchost.exe                  1476 Services                  0        23.732 K
taskhost.exe                  2900 Console                    1        7.316 K
taskeng.exe                  2932 Console                    1        4.468 K
SSCKbdHk.exe                  3000 Console                    1          608 K
rbmonitor.exe                3064 Console                    1          820 K
EasySpeedUpManager.exe        3088 Console                    1          664 K
WCScheduler.exe              3100 Console                    1          520 K
dmhkcore.exe                  3108 Console                    1          572 K
dwm.exe                      3164 Console                    1        4.492 K
explorer.exe                  3180 Console                    1        52.932 K
igfxext.exe                  3296 Console                    1        3.920 K
igfxsrvc.exe                  3384 Console                    1        4.444 K
RtHDVCpl.exe                  3596 Console                    1        8.288 K
SynTPEnh.exe                  3616 Console                    1        10.364 K
igfxtray.exe                  3820 Console                    1        4.576 K
hkcmd.exe                    3836 Console                    1        4.696 K
igfxpers.exe                  3868 Console                    1        4.536 K
AvastUI.exe                  3876 Console                    1        6.840 K
ipoint.exe                    3964 Console                    1        16.408 K
igfxsrvc.exe                  4004 Console                    1        4.768 K
SynTPHelper.exe                200 Console                    1        2.696 K
MobileConnect.exe            2540 Console                    1        30.712 K
GoogleToolbarNotifier.exe    2624 Console                    1        1.660 K
SearchIndexer.exe            1460 Services                  0        18.132 K
dpupdchk.exe                  2656 Console                    1        3.736 K
IncMail.exe                  2660 Console                    1        9.768 K
wmpnetwk.exe                  3884 Services                  0        4.828 K
ImApp.exe                    2272 Console                    1          560 K
firefox.exe                  5196 Console                    1      114.868 K
Corel Paint Shop Pro Phot    3680 Console                    1        77.804 K
cmd.exe                        820 Console                    1        3.408 K
conhost.exe                  4296 Console                    1        4.892 K
SearchProtocolHost.exe        5100 Services                  0        6.516 K
SearchFilterHost.exe          5736 Services                  0        4.624 K
ImNotfy.exe                  3360 Console                    1        17.388 K
tasklist.exe                  5700 Console                    1        4.468 K
audiodg.exe                  2576 Services                  0        3.148 K
WmiPrvSE.exe                  4652 Services                  0        5.260 K

 
***** Ende des Scans 07.03.2011 um 20:13:00,23 ***


monije 07.03.2011 20:23

Installed programs

7-Zip 9.20 02.03.2011
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 15.10.2010 6,00MB 10.1.85.3
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 23.02.2011 6,00MB 10.2.152.26
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 23.03.2010 230MB 9.1.0
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 06.05.2010 11.5.6.606
Alice Greenfingers Oberon Media 23.03.2010
Alien Skin Exposure 2 28.02.2011
Alien Skin Snap Art 28.02.2011
AnyPC Client Doctorsoft 23.03.2010 1.0.0.12
Apple Application Support Apple Inc. 26.08.2010 42,8MB 1.3.1
Apple Software Update Apple Inc. 26.08.2010 2,16MB 2.1.1.116
Atheros Client Installation Program Atheros 22.03.2010 1.0.1.0805
avast! Free Antivirus AVAST Software 03.03.2011 6.0.1000.0
BatteryLifeExtender Samsung 26.08.2009 14,6MB 1.0.0
CCleaner Piriform 06.03.2011 3.04
Conduit Engine Conduit Ltd. 26.02.2011
Corel Paint Shop Pro Photo XI Corel Corporation 22.03.2010 194,5MB 11.20.0000
CyberLink YouCam CyberLink Corp. 23.03.2010 78,3MB 2.0.2907
Dairy Dash Oberon Media 23.03.2010
Easy Display Manager Samsung Electronics Co., Ltd. 26.08.2009 3.0
Easy Network Manager Samsung 26.08.2009 19,1MB 4.0.2
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 26.08.2009 3.0.0.4
EasyBatteryManager Samsung 26.08.2009 4.0.0.2
Elf Bowling Hawaiian Vacation Oberon Media 23.03.2010
Filters Unlimited 2.0.3 28.02.2011
Game Pack Oberon Media, Inc. 23.03.2010 5.3.0.10
Go-Go Gourmet Oberon Media 23.03.2010
Google Chrome Google Inc. 10.04.2010 9.0.597.107
Google Toolbar for Internet Explorer Google Inc. 04.03.2011 6.6.1409.1944
HiJackThis Trend Micro 05.03.2011 0,36MB 1.0.0
IncrediMail 2.0 IncrediMail Ltd. 25.02.2011 6.2.6.4878
IncrediMail MediaBar 2 Toolbar IncrediMail MediaBar 2 28.02.2011 6.1.0.7
Intel(R) Graphics Media Accelerator Driver Intel Corporation 26.08.2010 54,3MB 8.15.10.2176
Java(TM) 6 Update 18 Sun Microsystems, Inc. 26.03.2010 94,5MB 6.0.180
Jigsaw World 1.00 21.05.2010
Malwarebytes' Anti-Malware Malwarebytes Corporation 03.03.2011 10,5MB
Microsoft IntelliPoint 8.0 Microsoft 23.02.2011 32,1MB 8.01.249.0
Microsoft Office Activation Assistant for Netbooks Microsoft Corporation 23.03.2010 8,20MB 1.6
Microsoft Office Home and Student 2007 Microsoft Corporation 24.03.2010 12.0.6425.1000
Microsoft Office Live Add-in 1.3 Microsoft Corporation 23.03.2010 0,48MB 2.0.2313.0
Microsoft Silverlight Microsoft Corporation 17.12.2010 120,3MB 4.0.51204.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 23.03.2010 1,72MB 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 23.01.2011 0,61MB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 23.01.2011 1,45MB 1.0.1215.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12.11.2010 0,58MB 9.0.30729.4148
Microsoft Works 6-9 Converter Microsoft Corporation 30.05.2010 4,62MB 9.7.0000
Mozilla Firefox (3.6.13) Mozilla 27.12.2010 3.6.13 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 24.03.2010 35,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.03.2010 1,33MB 4.20.9876.0
Photo Notifier and Animation Creator IncrediMail Ltd. 25.02.2011 1.0.0.1009
PhotoScape 27.03.2010
PLAY ONLINE Huawei Technologies Co.,Ltd 07.04.2010 11.002.03.11.264
QuickTime Apple Inc. 26.08.2010 73,7MB 7.67.75.0
Realtek Ethernet Controller Driver Realtek 26.08.2009 1.00.0008
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 26.08.2009 6.0.1.5898
REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 26.08.2009 1.01.0088
Samsung Recovery Solution 4 Samsung 26.08.2010 4.0.0.6
Samsung Support Center Samsung 26.08.2009 40,8MB 1.0.0
Samsung Update Plus Samsung Electronics Co., Ltd. 26.08.2009 2.0
Synaptics Pointing Device Driver Synaptics Incorporated 22.02.2011 15.0.10.0
Uniblue RegistryBooster Uniblue Systems Ltd 04.03.2011 5.0.12.1
User Guide 26.08.2009 1.0
Vodafone Mobile Connect Lite Huawei Vodafone 28.02.2011 19,1MB 9.3.0.9237
Win7codecs Shark007 22.03.2010 61,2MB 2.4.3
Windows Live Anmelde-Assistent Microsoft Corporation 23.03.2010 1,94MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 23.01.2011 14.0.8117.0416
Windows Live Sync Microsoft Corporation 23.01.2011 2,79MB 14.0.8117.416
Windows Live-Uploadtool Microsoft Corporation 23.03.2010 0,22MB 14.0.8014.1029

monije 07.03.2011 20:28

The Malwarebytes log file is in the first post.
Do you need anything else??

kira 09.03.2011 05:36

Quote:

Quote from monije (post 627626)
The Malwarebytes log file is in the first post.

Where, please? I can't find it!?

monije 09.03.2011 16:51

Oops, I thought it was included in the first post, sorry.
I'll do it right away.

monije 09.03.2011 21:55

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5955

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.03.2011 19:10:45
mbam-log-2011-03-09 (19-10-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291097
Laufzeit: 2 Stunde(n), 10 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


kira 10.03.2011 06:00

You surely still have your first Malwarebytes scan results, the ones listing all the removed objects (detections)? Please show me the log.

** You can view the scan reports at any time. To do so, click the "Scan-Berichte" (scan reports) tab in the program's top menu. A double-click opens the respective scan report in the editor.


All times are WET +1.
