Trojaner-Board - load exe funktioniert nur teilweise

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - load exe funktioniert nur teilweise (https://www.trojaner-board.de/96622-load-exe-funktioniert-nur-teilweise.html)

load exe funktioniert nur teilweise

hallo forum
da mir hier schon einmal sehr kompetent geholfen wurde
wende ich mich heute mit einen anderen problem hierher
mein laptop (vista home premium und firefox )hat probleme mit dem browser
d.h öffnet langsam, teils gar nicht ,allgemein langsamer rechner ständige hohe auslastung der cpu
habe daher versucht die load exe anleitung zu befolgen.
dies funktioniert auch bis zu dem punkt wo sich die otl exe aufhängt
und zwar an der stelle firefox settings
wie könnte ich weiter verfahren
malwarebytes ohne funde

danke schon mal:dankeschoen:

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vB Code Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)

► Dürfte die Probleme nicht aus heiterem Himmel kommen, daher beantworte mir bitte kurz folgende Fragen:

Hast du in der letzten Zeit:

♦ Irgendwas an deinem System geändert?
♦ Programme/Addons & Toolbars/Treiber/Spiele installiert,Update gezogen..etc - und waren die Quellen sicher?
♦ Nutzt du Externe Speichermedien wie USB-Stick, Festplatte ect? Hast Du mal diese Sachen an einem fremden Rechner angeschlossen? Oder von jemand anderem an deinen PC angesteckt?
♦ Etwas an der Registry verändert/gelöscht bzw RegCleaner/Optimizer-Tools benutzt usw
♦ In der Vergangenheit oder vor kurzem: war dein System infiziert bzw v. Viren befallen? - Wenn ja, welche Methoden hast Du angewendet zur Beseitigung? Eventuell schon vorhandene Protokoll bitte posten

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

2.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
Coverflow

hallo
danke für deine antwort
jedoch habe ich in der zwischenzeit bereits die recovery funktion von samsung genutzt
load exe erneut geladen und abgearbeitet(hat auch funktioniert)
daher jetzt im anschluss die logs(hoffe das war jetzt nicht zu doof)

Code:

OTL logfile created on: 19.03.2011 21:15:41 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\naddel\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 109,88 Gb Total Space | 81,29 Gb Free Space | 73,98% Space Free | Partition Type: NTFS

Drive D: | 110,00 Gb Total Space | 84,01 Gb Free Space | 76,37% Space Free | Partition Type: NTFS

 

Computer Name: NADDEL-PC | User Name: naddel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.03.19 20:51:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe

PRC - [2011.03.03 19:28:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2010.10.01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe

PRC - [2010.10.01 22:05:24 | 000,207,448 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe

PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

PRC - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe

PRC - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.21 03:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2006.04.14 02:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.03.19 20:51:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe

MOD - [2010.10.01 22:05:42 | 000,129,624 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky PURE\shellex.dll

MOD - [2010.09.20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

MOD - [2008.07.27 19:03:14 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll

MOD - [2008.07.27 19:03:14 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll

MOD - [2008.01.21 03:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010.10.01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)

SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)

SRV - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.03.19 19:18:51 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2009.12.14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)

DRV - [2009.12.14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)

DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)

DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009.09.14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)

DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)

DRV - [2008.04.27 03:07:00 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)

DRV - [2007.05.23 09:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)

DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.19 19:46:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 19:46:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011.03.19 19:20:21 | 000,000,000 | ---D | M]

 

[2011.03.19 19:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\naddel\AppData\Roaming\mozilla\Extensions

[2011.03.19 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\naddel\AppData\Roaming\mozilla\Firefox\Profiles\ejwjxsgd.default\extensions

[2011.03.19 20:39:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\naddel\AppData\Roaming\mozilla\Firefox\Profiles\ejwjxsgd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.03.19 20:39:06 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\naddel\AppData\Roaming\mozilla\Firefox\Profiles\ejwjxsgd.default\extensions\firefox@ghostery.com

[2011.03.19 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.03.19 20:56:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2011.03.19 20:56:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU

[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)

O24 - Desktop WallPaper: D:\pics\2010-07-04 muck\muck 015.JPG

O24 - Desktop BackupWallPaper: D:\pics\2010-07-04 muck\muck 015.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.19 21:12:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.03.19 21:12:07 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2011.03.19 21:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.03.19 20:52:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011.03.19 20:51:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\naddel\Desktop\TFC.exe

[2011.03.19 20:51:00 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\naddel\Desktop\Erunt-setup.exe

[2011.03.19 20:50:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe

[2011.03.19 20:45:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.03.19 20:45:21 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011.03.19 20:45:21 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.03.19 20:45:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011.03.19 20:45:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.03.19 20:45:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.03.19 20:45:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.03.19 20:45:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011.03.19 20:45:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011.03.19 20:45:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011.03.19 20:45:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.03.19 20:45:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.03.19 20:45:19 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011.03.19 20:45:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011.03.19 20:45:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011.03.19 20:45:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.03.19 20:45:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.03.19 20:41:42 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011.03.19 20:41:42 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011.03.19 20:41:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011.03.19 20:41:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011.03.19 20:41:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll

[2011.03.19 20:41:41 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011.03.19 20:41:41 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.03.19 20:41:41 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011.03.19 20:41:41 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011.03.19 20:41:41 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011.03.19 20:41:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011.03.19 20:41:40 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe

[2011.03.19 20:41:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011.03.19 20:41:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011.03.19 20:41:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011.03.19 20:41:39 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.03.19 20:41:39 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.03.19 20:41:39 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.03.19 20:41:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.03.19 20:41:38 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011.03.19 20:41:38 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011.03.19 20:41:38 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe

[2011.03.19 20:41:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011.03.19 20:41:38 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011.03.19 20:41:38 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe

[2011.03.19 20:40:25 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

[2011.03.19 20:24:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.03.19 20:16:48 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Local\Adobe

[2011.03.19 20:16:32 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2011.03.19 20:16:32 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll

[2011.03.19 20:16:31 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe

[2011.03.19 20:16:31 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2011.03.19 20:16:31 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl

[2011.03.19 20:16:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll

[2011.03.19 20:16:30 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll

[2011.03.19 20:16:28 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2011.03.19 20:11:35 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2011.03.19 20:11:29 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2011.03.19 20:11:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2011.03.19 20:09:01 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2011.03.19 20:08:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2011.03.19 20:08:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2011.03.19 20:06:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2011.03.19 20:06:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2011.03.19 20:06:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2011.03.19 20:06:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2011.03.19 20:06:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2011.03.19 20:06:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2011.03.19 20:06:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2011.03.19 20:06:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2011.03.19 20:06:43 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2011.03.19 20:06:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2011.03.19 20:06:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2011.03.19 20:06:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2011.03.19 20:06:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2011.03.19 20:06:40 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2011.03.19 20:06:40 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2011.03.19 20:06:40 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2011.03.19 19:54:00 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Malwarebytes

[2011.03.19 19:53:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.03.19 19:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.03.19 19:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.03.19 19:53:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.03.19 19:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.19 19:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2011.03.19 19:48:12 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2011.03.19 19:47:55 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

[2011.03.19 19:47:53 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll

[2011.03.19 19:47:53 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll

[2011.03.19 19:47:52 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2011.03.19 19:47:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2011.03.19 19:47:46 | 002,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011.03.19 19:47:45 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2011.03.19 19:47:45 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll

[2011.03.19 19:47:45 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe

[2011.03.19 19:46:50 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011.03.19 19:46:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2011.03.19 19:46:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011.03.19 19:46:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll

[2011.03.19 19:46:14 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Mozilla

[2011.03.19 19:46:14 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Local\Mozilla

[2011.03.19 19:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox

[2011.03.19 19:46:08 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2011.03.19 19:45:19 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2011.03.19 19:45:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll

[2011.03.19 19:45:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll

[2011.03.19 19:45:02 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2011.03.19 19:45:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2011.03.19 19:45:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2011.03.19 19:44:56 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll

[2011.03.19 19:44:43 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll

[2011.03.19 19:44:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2011.03.19 19:44:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb

[2011.03.19 19:44:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb

[2011.03.19 19:44:02 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2011.03.19 19:44:02 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2011.03.19 19:44:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2011.03.19 19:44:01 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2011.03.19 19:44:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2011.03.19 19:44:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2011.03.19 19:44:01 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2011.03.19 19:44:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2011.03.19 19:44:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2011.03.19 19:43:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011.03.19 19:43:46 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011.03.19 19:43:34 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2011.03.19 19:43:26 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2011.03.19 19:43:24 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll

[2011.03.19 19:43:24 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

[2011.03.19 19:43:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2011.03.19 19:43:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2011.03.19 19:43:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2011.03.19 19:43:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2011.03.19 19:29:53 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

[2011.03.19 19:29:40 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2011.03.19 19:29:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2011.03.19 19:29:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2011.03.19 19:29:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2011.03.19 19:29:38 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2011.03.19 19:26:18 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011.03.19 19:21:05 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys

[2011.03.19 19:21:05 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys

[2011.03.19 19:21:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2011.03.19 19:19:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch

[2011.03.19 19:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE

[2011.03.19 19:19:08 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab

[2011.03.19 19:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011.03.19 19:18:51 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys

[2011.03.19 19:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2011.03.19 19:05:33 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2011.03.19 19:05:33 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2011.03.19 19:05:14 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2011.03.19 19:05:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2011.03.19 19:02:48 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Macromedia

[2011.03.19 19:02:16 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Adobe

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.19 21:18:17 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.03.19 21:18:17 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.03.19 21:18:17 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.03.19 21:18:17 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.03.19 21:15:55 | 000,786,432 | -HS- | M] () -- C:\Users\naddel\NTUSER.bak

[2011.03.19 21:12:08 | 000,000,733 | ---- | M] () -- C:\Users\naddel\Desktop\NTREGOPT.lnk

[2011.03.19 21:12:08 | 000,000,714 | ---- | M] () -- C:\Users\naddel\Desktop\ERUNT.lnk

[2011.03.19 21:09:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.03.19 21:09:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.03.19 21:09:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.03.19 21:08:40 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys

[2011.03.19 20:55:26 | 000,371,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.03.19 20:51:10 | 000,301,568 | ---- | M] () -- C:\Users\naddel\Desktop\g2m3e4r.exe

[2011.03.19 20:51:08 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\naddel\Desktop\Erunt-setup.exe

[2011.03.19 20:51:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe

[2011.03.19 20:51:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\TFC.exe

[2011.03.19 20:48:50 | 000,739,024 | ---- | M] () -- C:\Users\naddel\Desktop\Load.exe

[2011.03.19 20:27:30 | 000,004,608 | ---- | M] () -- C:\Users\naddel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.19 19:38:03 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat

[2011.03.19 19:38:03 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat

[2011.03.19 19:18:51 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys

[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Users\naddel\Desktop\Anleitung.html

 
 ========== Files Created - No Company Name ==========

 

[2011.03.19 21:12:08 | 000,000,733 | ---- | C] () -- C:\Users\naddel\Desktop\NTREGOPT.lnk

[2011.03.19 21:12:08 | 000,000,714 | ---- | C] () -- C:\Users\naddel\Desktop\ERUNT.lnk

[2011.03.19 20:51:05 | 000,301,568 | ---- | C] () -- C:\Users\naddel\Desktop\g2m3e4r.exe

[2011.03.19 20:48:44 | 000,739,024 | ---- | C] () -- C:\Users\naddel\Desktop\Load.exe

[2011.03.19 20:45:19 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011.03.19 20:27:28 | 000,004,608 | ---- | C] () -- C:\Users\naddel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.19 20:06:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011.03.19 20:06:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2011.03.19 20:06:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2011.03.19 19:21:37 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat

[2011.03.19 19:21:36 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat

[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Users\naddel\Desktop\Anleitung.html

[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

[2009.01.02 08:06:55 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.01.02 08:06:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.01.02 07:27:20 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe

[2009.01.02 07:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini

[2009.01.02 07:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini

[2009.01.02 07:18:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe

[2009.01.02 07:18:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe

[2009.01.02 07:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini

[2009.01.02 06:59:29 | 000,675,412 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.01.02 06:59:29 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.01.02 06:59:29 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.01.02 06:59:29 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.01.02 06:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2009.01.02 06:51:04 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2009.01.02 06:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll

[2009.01.02 06:51:03 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2009.01.02 06:51:03 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin

[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe

[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 000,371,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2009.01.19 14:06:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.03.19 21:14:37 | 000,000,000 | -HSD | M] -- C:\Boot

[2011.03.19 20:54:52 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.01.19 14:01:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2009.01.02 07:11:12 | 000,000,000 | ---D | M] -- C:\Intel

[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.03.19 21:12:07 | 000,000,000 | R--D | M] -- C:\Programme

[2011.03.19 20:57:52 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009.01.19 14:01:32 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.01.02 09:58:44 | 000,000,000 | ---D | M] -- C:\SoftwareMedia

[2011.03.19 21:16:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2009.01.19 14:04:44 | 000,000,000 | R--D | M] -- C:\Users

[2011.03.19 21:12:52 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe

[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-19 20:01:03
 

< End of report >

Code:

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

/md5start

explorer.exe 

winlogon.exe

wininit.exe

userinit.exe

/md5stop

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

CREATERESTOREPOINT

Code:

OTL Extras logfile created on: 19.03.2011 21:15:41 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\naddel\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 109,88 Gb Total Space | 81,29 Gb Free Space | 73,98% Space Free | Partition Type: NTFS

Drive D: | 110,00 Gb Total Space | 84,01 Gb Free Space | 76,37% Space Free | Partition Type: NTFS

 

Computer Name: NADDEL-PC | User Name: naddel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08782777-94B8-44E8-AA07-B1E4F0F4A474}" = rport=445 | protocol=6 | dir=out | app=system | 

"{12AB104A-E938-404F-9B41-DD23CDDE9599}" = rport=139 | protocol=6 | dir=out | app=system | 

"{8215C804-CC01-4D49-8073-0D42F3AF207C}" = lport=139 | protocol=6 | dir=in | app=system | 

"{8DC3E374-2DF0-45B0-968B-35C7A861AFB1}" = rport=137 | protocol=17 | dir=out | app=system | 

"{91515D9A-CFC0-48B2-8D93-0E66375E8C5B}" = rport=138 | protocol=17 | dir=out | app=system | 

"{9B9CA6AC-10B4-4B93-AE04-5058F56965B3}" = lport=137 | protocol=17 | dir=in | app=system | 

"{AA4E12F9-AAEF-4906-8ACD-2871ADB09E2B}" = lport=138 | protocol=17 | dir=in | app=system | 

"{BC5A22E5-8CEB-4CE8-8BA4-F4CDAAC59666}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{E509645C-597E-414A-812F-2BC8FE6AAA3F}" = lport=445 | protocol=6 | dir=in | app=system | 

"{FAB8703C-98E2-4E1E-9ECC-62281DB3953F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{8CE50534-1F10-49A3-B44F-231FB163DF50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{DB194223-34BF-490F-A76B-A1B7696C7970}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{F385A3FA-E383-4D39-A7A7-3DFB18005856}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{F65F453C-F880-4F76-B59C-6B030919B1D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300

"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE

"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer

"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor

"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2

"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager

"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera

"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam

"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch

"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CCleaner" = CCleaner

"ERUNT_is1" = ERUNT 1.1j

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 19.01.2009 09:01:22 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.03.2011 13:48:29 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.03.2011 13:51:54 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.03.2011 14:17:08 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.03.2011 15:56:40 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.03.2011 16:10:29 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description = 

 

Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description = 

 

Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description = 

 

Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description = 

 

Error - 19.03.2011 14:16:00 | Computer Name = naddel-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 19.03.2011 14:17:08 | Computer Name = naddel-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 19.03.2011 14:17:46 | Computer Name = naddel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

 

< End of report >

und hier noch gmer als zip
vielen dank an alle die sich die zeit nehmen:daumenhoc

sei so nett und arbeite die Punkte von hier ab:-> http://www.trojaner-board.de/96622-l...tml#post631171

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:37:14, on 20.03.2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe

C:\Users\naddel\Desktop\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Verwaltungsservice vom CryproStorage-System (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
 

--

End of file - 4763 bytes

Code:

7-Zip 9.20                19.03.2011        3,54MB        

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        18.03.2011                10.2.152.32

Adobe Flash Player ActiveX        Adobe Systems Incorporated        07.01.2009                9.0.124.0

Adobe Reader 8.1.2 - Deutsch        Adobe Systems Incorporated        01.01.2009        99,6MB        8.1.2

Atheros WLAN Client                07.01.2009        1,02MB        1.00.000

CCleaner        Piriform        18.03.2011        3,55MB        3.04

Easy Battery Manager        Samsung        07.01.2009        7,89MB        3.2.1.7

Easy Display Manager        Samsung        01.01.2009        11,4MB        2.0.0.0

Easy Network Manager 3.0        Ihr Firmenname        01.01.2009        36,9MB        3.0.0.0

Easy SpeedUp Manager                07.01.2009        3,69MB        2.0.1.3

imagine digital freedom - Samsung        Samsung Electronics Co. Ltd.,        01.01.2009        7,50MB        1.0.2.2

Intel(R) Graphics Media Accelerator Driver        Intel Corporation        07.01.2009                

Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        01.01.2009        78,3MB        12.00.4000

Intel® Matrix Storage Manager        Intel Corporation        07.01.2009        0,79MB        

Java(TM) 6 Update 22        Oracle        19.03.2011        97,1MB        6.0.220

Kaspersky PURE        Kaspersky Lab        18.03.2011        102,7MB        9.1.0.124

Malwarebytes' Anti-Malware        Malwarebytes Corporation        18.03.2011        4,80MB        

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        18.03.2011        27,8MB        

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        19.03.2011        120,3MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        19.03.2011        24,5MB        4.0.30319

Microsoft Office 2003 Web Components        Microsoft Corporation        01.01.2009        21,7MB        11.0.8003.0

Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        01.01.2009        7,23MB        12.0.4518.1014

Microsoft Office Small Business Connectivity Components        Microsoft Corporation        01.01.2009        0,15MB        2.0.7024.0

Microsoft SQL Server 2005        Microsoft Corporation        01.01.2009        42,7MB        

Microsoft SQL Server Native Client        Microsoft Corporation        01.01.2009        2,59MB        9.00.2047.00

Microsoft SQL Server VSS Writer        Microsoft Corporation        01.01.2009        0,68MB        9.00.2047.00

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        19.03.2011        0,58MB        9.0.30729.4148

Mozilla Firefox (3.6.15)        Mozilla        18.03.2011        27,7MB        3.6.15 (de)

Namuga 1.3M Webcam        Vimicro Corporation        01.01.2009        1,86MB        1.00.0000

OpenOffice.org 3.3        OpenOffice.org        19.03.2011        413MB        3.3.9567

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        01.01.2009        11,4MB        6.0.1.5605

Samsung Magic Doctor        Samsung Electronics Co., LTD        07.01.2009        15,7MB        5.0

Samsung Recovery Solution III        Samsung        01.01.2009        36,5MB        3.0.0.7

Samsung Update Plus        Samsung Electronics Co., Ltd.        18.03.2011        8,15MB        2.0

Synaptics Pointing Device Driver        Synaptics        01.01.2009        13,6MB        10.1.2.0

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        01.01.2009        23,2MB        9.00.2047.00

User Guide                07.01.2009        27,6MB        1.0

Vimicro UVC Camera        Vimicro Corporation        01.01.2009        2,15MB        1.00.0000

WIDCOMM Bluetooth Software 6.0.1.6300        WIDCOMM, Inc.        01.01.2009        35,5MB        6.0.1.6300

Code:

 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

                        º                                    º 

                                    hjtscanlist v2.0              

                        º                                    º 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
 

Microsoft Windows [Version 6.0.6001]

 

 

C:
 

  20.03.2011 10:32     C:\Windows --------- 28672   

  20.03.2011 09:24     C:\Program Files --------- 12288   

  20.03.2011 09:23     C:\ProgramData --------- 8192   

  20.03.2011 09:22     C:\System Volume Information --------- 24576   

       C:\hiberfil.sys ---------    

       C:\pagefile.sys ---------    

  19.03.2011 21:14     C:\Boot --------- 4096   

  19.01.2009 14:06     C:\$Recycle.Bin --------- 0   

  19.01.2009 14:04     C:\Users --------- 4096   

  19.01.2009 14:01     C:\Programme --------- 0   

  19.01.2009 14:01     C:\Dokumente und Einstellungen --------- 0   

  05.01.2009 09:14     C:\IO.SYS --------- 0   

  05.01.2009 09:14     C:\MSDOS.SYS --------- 0   

  02.01.2009 09:58     C:\SoftwareMedia --------- 24576   

  02.01.2009 08:12     C:\Setup.log --------- 185   

  02.01.2009 07:17     C:\RHDSetup.log --------- 366   

  02.01.2009 07:11     C:\Intel --------- 0   

  08.02.2008 10:31     C:\BOOTSECT.BAK --------- 8192   

  21.01.2008 03:32     C:\PerfLogs --------- 0   

  21.01.2008 03:24     C:\bootmgr --------- 333203   

  02.11.2006 14:02     C:\Documents and Settings --------- 0   

  18.09.2006 22:43     C:\config.sys --------- 10   

  18.09.2006 22:43     C:\autoexec.bat --------- 24   

----------------------------------------
 

 

C:\Windows
 

  20.03.2011 10:32     C:\Windows\setupact.log --------- 0   

  20.03.2011 10:32     C:\Windows\setuperr.log --------- 0   

  20.03.2011 10:00     C:\Windows\ntbtlog.txt --------- 132   

  20.03.2011 07:57     C:\Windows\bootstat.dat --------- 67584   

  20.03.2011 03:46     C:\Windows\WindowsUpdate.log --------- 2022130   

  19.03.2011 20:32     C:\Windows\win.ini --------- 128   

  02.01.2009 08:55     C:\Windows\Report.htm --------- 50816   

  02.01.2009 08:12     C:\Windows\HotFixList.ini --------- 4860   

  02.01.2009 07:38     C:\Windows\Csup.txt --------- 10   

  02.01.2009 07:17     C:\Windows\DIFxAPI.dll --------- 319456   

  02.01.2009 07:17     C:\Windows\HideWin.exe --------- 315392   

  02.01.2009 06:59     C:\Windows\CBS.log.bootstrap.perf --------- 65536   

  02.01.2009 06:59     C:\Windows\CBS.log.bootstrap.dpx --------- 65536   

  02.01.2009 06:59     C:\Windows\CBS.log.bootstrap --------- 196608   

  02.01.2009 06:59     C:\Windows\CBS.log.perf --------- 131072   

  02.01.2009 06:59     C:\Windows\CBS.log.dpx --------- 131072   

  29.10.2008 07:29     C:\Windows\explorer.exe --------- 2927104   

  21.10.2008 12:00     C:\Windows\HotfixChecker.exe --------- 405504   

  24.07.2008 04:28     C:\Windows\SetDisplayResolution.exe --------- 307200   

  28.05.2008 05:51     C:\Windows\SetDisplayResolutionDT.xml --------- 3282   

  28.05.2008 05:51     C:\Windows\SetDisplayResolutionNP.xml --------- 3282   

  19.05.2008 08:22     C:\Windows\AMCapIco.ico --------- 1078   

  17.04.2008 03:50     C:\Windows\RtHDVCpl.exe --------- 6111232   

  02.04.2008 01:27     C:\Windows\RtlUpd.exe --------- 1196032   

  05.03.2008 10:07     C:\Windows\RtlExUpd.dll --------- 520192   

  12.02.2008 05:19     C:\Windows\BtwIEProxy.exe --------- 285224   

  21.01.2008 03:43     C:\Windows\WindowsShell.Manifest --------- 749   

  21.01.2008 03:24     C:\Windows\regedit.exe --------- 134656   

  21.01.2008 03:24     C:\Windows\bfsvc.exe --------- 58880   

  21.01.2008 03:24     C:\Windows\fveupdate.exe --------- 13312   

  21.01.2008 03:24     C:\Windows\HelpPane.exe --------- 498176   

  21.01.2008 03:23     C:\Windows\notepad.exe --------- 151040   

  14.11.2007 07:18     C:\Windows\USetup.iss --------- 553   

  14.06.2007 16:36     C:\Windows\SMCM.exe --------- 319488   

  26.02.2007 08:49     C:\Windows\imagine digital freedom.dat --------- 6139774   

  26.02.2007 08:49     C:\Windows\imagine digital freedom.scr --------- 1744896   

  03.12.2006 09:00     C:\Windows\SMCM.dll --------- 172032   

  02.11.2006 13:35     C:\Windows\WMSysPr9.prx --------- 316640   

  02.11.2006 13:34     C:\Windows\twunk_16.exe --------- 49680   

  02.11.2006 13:34     C:\Windows\twain_32.dll --------- 50688   

  02.11.2006 13:34     C:\Windows\twunk_32.exe --------- 31232   

  02.11.2006 13:34     C:\Windows\twain.dll --------- 94784   

  02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   

  02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   

  02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   

  19.09.2006 12:41     C:\Windows\HomePremium.xml --------- 8328   

  18.09.2006 22:46     C:\Windows\system.ini --------- 219   

  18.09.2006 22:43     C:\Windows\_default.pif --------- 707   

  18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   

  18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   

  13.09.2006 06:21     C:\Windows\ebm.reg --------- 2438   

  29.09.2005 08:26     C:\Windows\Product.ico --------- 8990   

  26.02.2002 10:47     C:\Windows\uninstall.ico --------- 15086   

----------------------------------------
 

 

C:\Windows\System
 

 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 

 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 

 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 

 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 

 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 

 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 

 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 

 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 

 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 

 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 

 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 

 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 

 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 

 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 

 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 

 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 

 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 

 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 

 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 

 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 

 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 

 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 

----------------------------------------
 

 

C:\Windows\System32
 

 20.03.2011 10:32     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 4784  

 20.03.2011 10:32     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 4784  

 20.03.2011 09:08     C:\Windows\system32\javaws.exe --------- 153376  

 20.03.2011 09:08     C:\Windows\system32\javaw.exe --------- 145184  

 20.03.2011 09:08     C:\Windows\system32\java.exe --------- 145184  

 20.03.2011 09:08     C:\Windows\system32\deployJava1.dll --------- 472808  

 20.03.2011 08:00     C:\Windows\system32\perfh009.dat --------- 642704  

 20.03.2011 08:00     C:\Windows\system32\perfc009.dat --------- 121592  

 20.03.2011 08:00     C:\Windows\system32\perfh007.dat --------- 685712  

 20.03.2011 08:00     C:\Windows\system32\perfc007.dat --------- 149980  

 20.03.2011 08:00     C:\Windows\system32\PerfStringBackup.INI --------- 1592750  

 20.03.2011 02:29     C:\Windows\system32\drivers --------- 65536  

 20.03.2011 02:12     C:\Windows\system32\de-DE --------- 196608  

 20.03.2011 02:10     C:\Windows\system32\en-US --------- 147456  

 20.03.2011 02:08     C:\Windows\system32\catroot --------- 4096  

 20.03.2011 02:04     C:\Windows\system32\FNTCACHE.DAT --------- 371072  

 20.03.2011 02:02     C:\Windows\system32\wbem --------- 65536  

 20.03.2011 01:53     C:\Windows\system32\catroot2 --------- 4096  

 20.03.2011 01:52     C:\Windows\system32\x64 --------- 0  

 19.03.2011 21:14     C:\Windows\system32\config --------- 16384  

 19.03.2011 20:52     C:\Windows\system32\migration --------- 0  

 19.03.2011 20:52     C:\Windows\system32\manifeststore --------- 0  

 19.03.2011 20:52     C:\Windows\system32\XPSViewer --------- 0  

 19.03.2011 20:52     C:\Windows\system32\WindowsPowerShell --------- 0  

 19.03.2011 19:21     C:\Windows\system32\DRVSTORE --------- 0  

 19.03.2011 19:08     C:\Windows\system32\WDI --------- 4096  

 19.03.2011 19:07     C:\Windows\system32\Tasks --------- 4096  

 19.03.2011 19:05     C:\Windows\system32\restore --------- 0  

 19.03.2011 18:53     C:\Windows\system32\NDF --------- 0  

 02.03.2011 19:56     C:\Windows\system32\mrt.exe --------- 37943240  

 02.02.2011 18:11     C:\Windows\system32\MpSigStub.exe --------- 222080  

 21.01.2011 16:46     C:\Windows\system32\shlwapi.dll --------- 351744  

 21.01.2011 16:46     C:\Windows\system32\shell32.dll --------- 11582464  

 08.01.2011 08:50     C:\Windows\system32\atmlib.dll --------- 34304  

 08.01.2011 06:57     C:\Windows\system32\atmfd.dll --------- 292352  

 31.12.2010 14:25     C:\Windows\system32\win32k.sys --------- 2038784  

 29.12.2010 18:41     C:\Windows\system32\sbeio.dll --------- 153088  

 29.12.2010 18:41     C:\Windows\system32\sbe.dll --------- 323072  

 29.12.2010 18:41     C:\Windows\system32\EncDec.dll --------- 429056  

 29.12.2010 18:39     C:\Windows\system32\mpg2splt.ax --------- 177664  

 28.12.2010 15:57     C:\Windows\system32\odbc32.dll --------- 409600  

 18.12.2010 07:27     C:\Windows\system32\wininet.dll --------- 916480  

 18.12.2010 07:26     C:\Windows\system32\urlmon.dll --------- 1210880  

 18.12.2010 07:25     C:\Windows\system32\occache.dll --------- 206848  

 18.12.2010 07:23     C:\Windows\system32\mstime.dll --------- 611840  

 18.12.2010 07:23     C:\Windows\system32\mshtmled.dll --------- 66560  

 18.12.2010 07:23     C:\Windows\system32\mshtml.dll --------- 5961216  

 18.12.2010 07:23     C:\Windows\system32\msfeedsbs.dll --------- 55296  

 18.12.2010 07:23     C:\Windows\system32\msfeeds.dll --------- 602112  

 18.12.2010 07:22     C:\Windows\system32\licmgr10.dll --------- 43520  

 18.12.2010 07:22     C:\Windows\system32\jsproxy.dll --------- 25600  

 18.12.2010 07:22     C:\Windows\system32\inetcpl.cpl --------- 1469440  

 18.12.2010 07:22     C:\Windows\system32\ieui.dll --------- 164352  

 18.12.2010 07:22     C:\Windows\system32\iesysprep.dll --------- 109056  

 18.12.2010 07:22     C:\Windows\system32\iertutil.dll --------- 1991680  

 18.12.2010 07:22     C:\Windows\system32\iesetup.dll --------- 71680  

 18.12.2010 07:22     C:\Windows\system32\iernonce.dll --------- 55808  

 18.12.2010 07:22     C:\Windows\system32\iepeers.dll --------- 184320  

 18.12.2010 07:22     C:\Windows\system32\ieframe.dll --------- 11080704  

 18.12.2010 07:22     C:\Windows\system32\iedkcs32.dll --------- 387584  

 18.12.2010 06:25     C:\Windows\system32\html.iec --------- 385024  

 18.12.2010 05:48     C:\Windows\system32\ieUnatt.exe --------- 133632  

 18.12.2010 05:48     C:\Windows\system32\ie4uinit.exe --------- 173568  

 18.12.2010 05:47     C:\Windows\system32\msfeedssync.exe --------- 13312  

 18.12.2010 05:47     C:\Windows\system32\mshtml.tlb --------- 1638912  

 18.12.2010 04:12     C:\Windows\system32\ieuinit.inf --------- 57667  

 17.12.2010 17:43     C:\Windows\system32\mstscax.dll --------- 2067456  

 17.12.2010 16:06     C:\Windows\system32\mstsc.exe --------- 677888  

 14.12.2010 16:49     C:\Windows\system32\sdclt.exe --------- 1169408  

 06.11.2010 12:10     C:\Windows\system32\wmicmiplugin.dll --------- 345088  

 06.11.2010 12:10     C:\Windows\system32\taskschd.dll --------- 357376  

 06.11.2010 12:10     C:\Windows\system32\taskcomp.dll --------- 270336  

 06.11.2010 12:09     C:\Windows\system32\schedsvc.dll --------- 603648  

 05.11.2010 01:53     C:\Windows\system32\taskeng.exe --------- 171520  

 28.10.2010 13:56     C:\Windows\system32\tzres.dll --------- 2048  

 18.10.2010 15:01     C:\Windows\system32\consent.exe --------- 81920  

 15.10.2010 15:08     C:\Windows\system32\ntoskrnl.exe --------- 3548048  

 15.10.2010 15:08     C:\Windows\system32\ntkrnlpa.exe --------- 3600272  

 15.10.2010 14:48     C:\Windows\system32\ntdll.dll --------- 1205080  

 01.10.2010 22:05     C:\Windows\system32\klogon.dll --------- 219736  

 20.09.2010 10:25     C:\Windows\system32\msshsq.dll --------- 231936  

 10.09.2010 19:18     C:\Windows\system32\wmp.dll --------- 10626560  

 10.09.2010 17:37     C:\Windows\system32\wmploc.DLL --------- 8147456  

 31.08.2010 16:41     C:\Windows\system32\mfc40u.dll --------- 954288  

 31.08.2010 16:41     C:\Windows\system32\mfc40.dll --------- 954752  

 31.08.2010 16:40     C:\Windows\system32\comctl32.dll --------- 531968  

 26.08.2010 17:07     C:\Windows\system32\t2embed.dll --------- 157184  

 26.08.2010 17:01     C:\Windows\system32\Apphlpdm.dll --------- 28672  

 26.08.2010 15:11     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  

 25.08.2010 19:58     C:\Windows\system32\iglhxs32.vp --------- 51432  

 25.08.2010 19:46     C:\Windows\system32\TVWSetup.exe --------- 8198680  

 25.08.2010 19:45     C:\Windows\system32\igxpun.exe --------- 948760  

 25.08.2010 19:45     C:\Windows\system32\igfxtray.exe --------- 136216  

 25.08.2010 19:45     C:\Windows\system32\igfxsrvc.exe --------- 266776  

 25.08.2010 19:45     C:\Windows\system32\igfxpers.exe --------- 170520  

 25.08.2010 19:45     C:\Windows\system32\igfxext.exe --------- 179224  

 25.08.2010 19:45     C:\Windows\system32\hkcmd.exe --------- 171032  

 25.08.2010 19:45     C:\Windows\system32\GfxUI.exe --------- 3156504  

 25.08.2010 19:39     C:\Windows\system32\igfxCoIn_v2202.dll --------- 81920  

 25.08.2010 19:31     C:\Windows\system32\igdumd32.dll --------- 4967424  

----------------------------------------
 

 

C:\Windows\Prefetch
 

 20.03.2011 10:42     C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 7968  

 20.03.2011 10:41     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 18154  

 20.03.2011 10:41     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 20124  

 20.03.2011 10:41     C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf --------- 13480  

 20.03.2011 10:41     C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 19808  

 20.03.2011 10:41     C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf --------- 17924  

 20.03.2011 10:37     C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 18882  

 20.03.2011 10:37     C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 36172  

 20.03.2011 10:37     C:\Windows\Prefetch\HIJACKTHIS.EXE-AE12BD51.pf --------- 28724  

 20.03.2011 10:33     C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 21506  

 20.03.2011 10:33     C:\Windows\Prefetch\VSSVC.EXE-E0890B66.pf --------- 26918  

 20.03.2011 10:33     C:\Windows\Prefetch\SYSTEMPROPERTIESADVANCED.EXE-E431BE9E.pf --------- 33956  

 20.03.2011 10:32     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3626005964-2313589623-603134117-1003.db --------- 1169466  

 20.03.2011 10:32     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3626005964-2313589623-603134117-1003.db --------- 1211666  

 20.03.2011 10:32     C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf --------- 115478  

 20.03.2011 10:28     C:\Windows\Prefetch\KLWTBLFS.EXE-A8FD5CB0.pf --------- 14586  

 20.03.2011 10:28     C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 277842  

 20.03.2011 10:28     C:\Windows\Prefetch\LOGON.SCR-E8EC8B4D.pf --------- 30458  

 20.03.2011 10:17     C:\Windows\Prefetch\AVP.EXE-5C223B5E.pf --------- 261328  

 20.03.2011 10:10     C:\Windows\Prefetch\LOGON.SCR-30601369.pf --------- 36228  

 20.03.2011 10:02     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1173115  

 20.03.2011 10:02     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 541821  

 20.03.2011 10:02     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2398181  

 20.03.2011 10:02     C:\Windows\Prefetch\AgRobust.db --------- 848388  

 20.03.2011 09:59     C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf --------- 58836  

 20.03.2011 09:59     C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf --------- 32156  

 20.03.2011 09:57     C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 24214  

 20.03.2011 09:32     C:\Windows\Prefetch\WINMAIL.EXE-1092D371.pf --------- 242714  

 20.03.2011 09:31     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf --------- 54942  

 20.03.2011 09:29     C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf --------- 86586  

 20.03.2011 09:29     C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf --------- 13982  

 20.03.2011 09:28     C:\Windows\Prefetch\DFRGUI.EXE-C853DD35.pf --------- 20014  

 20.03.2011 09:27     C:\Windows\Prefetch\OSE.EXE-533D8AC9.pf --------- 15334  

 20.03.2011 09:27     C:\Windows\Prefetch\CLEANMGR.EXE-E3C5E89D.pf --------- 120994  

 20.03.2011 09:25     C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --------- 191882  

 20.03.2011 09:25     C:\Windows\Prefetch\TFC.EXE-C4B8EE90.pf --------- 55054  

 20.03.2011 09:25     C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf --------- 18196  

 20.03.2011 09:25     C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf --------- 83096  

 20.03.2011 09:24     C:\Windows\Prefetch\_IU14D2N.TMP-10272942.pf --------- 25518  

 20.03.2011 09:24     C:\Windows\Prefetch\UNINS000.EXE-6C0F9AB5.pf --------- 21184  

 20.03.2011 09:22     C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 32964  

 20.03.2011 09:22     C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf --------- 63470  

 20.03.2011 09:21     C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf --------- 172856  

 20.03.2011 09:21     C:\Windows\Prefetch\MICROSOFT OFFICE ACTIVATION A-7B302DAD.pf --------- 94624  

 20.03.2011 09:15     C:\Windows\Prefetch\UNOPKG.EXE-B11D2061.pf --------- 21160  

 20.03.2011 09:15     C:\Windows\Prefetch\UNOPKG.BIN-A4AB393C.pf --------- 138270  

 20.03.2011 09:10     C:\Windows\Prefetch\JAVAW.EXE-91B81925.pf --------- 98844  

 20.03.2011 09:10     C:\Windows\Prefetch\WMIC.EXE-A7D06383.pf --------- 39528  

 20.03.2011 09:10     C:\Windows\Prefetch\JAUREG.EXE-171665BB.pf --------- 15668  

 20.03.2011 09:09     C:\Windows\Prefetch\UNPACK200.EXE-FB3B322C.pf --------- 106894  

 20.03.2011 09:09     C:\Windows\Prefetch\ZIPPER.EXE-45D9BE29.pf --------- 126016  

 20.03.2011 09:08     C:\Windows\Prefetch\JRE-WINDOWS-I586.EXE-C302C496.pf --------- 114776  

 20.03.2011 09:07     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 188706  

 20.03.2011 09:06     C:\Windows\Prefetch\INSTALL.EXE-05127E73.pf --------- 30958  

 20.03.2011 09:06     C:\Windows\Prefetch\VCREDIST_X86.EXE-BC14C11E.pf --------- 55182  

 20.03.2011 09:06     C:\Windows\Prefetch\SETUP.EXE-42E7FE53.pf --------- 32406  

 20.03.2011 09:06     C:\Windows\Prefetch\OOO_3.3.0_WIN_X86_INSTALL-WJR-D0044C9B.pf --------- 23222  

 20.03.2011 08:53     C:\Windows\Prefetch\RUNDLL32.EXE-4B60BE9B.pf --------- 18474  

 20.03.2011 08:49     C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf --------- 21242  

 20.03.2011 08:32     C:\Windows\Prefetch\7Z920.EXE-81B25188.pf --------- 32378  

 20.03.2011 08:17     C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf --------- 28624  

 20.03.2011 07:58     C:\Windows\Prefetch\AgCx_SC1.db --------- 483738  

 20.03.2011 07:58     C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 20602  

 20.03.2011 07:57     C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf --------- 276542  

 20.03.2011 07:57     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 17490  

 20.03.2011 03:51     C:\Windows\Prefetch\SYSTEMPROPERTIESADVANCED.EXE-68C7C4F0.pf --------- 28178  

 20.03.2011 03:50     C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf --------- 46412  

 20.03.2011 03:36     C:\Windows\Prefetch\Layout.ini --------- 1773090  

 20.03.2011 02:45     C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf --------- 176284  

 20.03.2011 02:43     C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 26118  

 20.03.2011 02:34     C:\Windows\Prefetch\G2M3E4R.EXE-078410AB.pf --------- 15698  

 20.03.2011 02:33     C:\Windows\Prefetch\LOGMAN.EXE-2BE20E8E.pf --------- 20942  

 20.03.2011 02:31     C:\Windows\Prefetch\ReadyBoot --------- 0  

 20.03.2011 02:31     C:\Windows\Prefetch\SYNTPHELPER.EXE-0A20AAC4.pf --------- 9580  

 20.03.2011 02:31     C:\Windows\Prefetch\GFXUI.EXE-C6B3880F.pf --------- 11688  

 20.03.2011 02:29     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  

 20.03.2011 02:28     C:\Windows\Prefetch\NPE.EXE-5B284A2B.pf --------- 40026  

 20.03.2011 02:19     C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 30328  

 20.03.2011 02:13     C:\Windows\Prefetch\POQEXEC.EXE-F7DA341E.pf --------- 13084  

 20.03.2011 02:13     C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 136058  

 20.03.2011 02:12     C:\Windows\Prefetch\SETUP.EXE-AE786AB4.pf --------- 45218  

 20.03.2011 02:12     C:\Windows\Prefetch\DOTNETFX40LP_CLIENT_X86DE.EXE-3FF590B0.pf --------- 110222  

 20.03.2011 02:12     C:\Windows\Prefetch\SETUPUTILITY.EXE-797D8146.pf --------- 26602  

 20.03.2011 02:12     C:\Windows\Prefetch\LODCTR.EXE-72CD50D0.pf --------- 81176  

 20.03.2011 02:11     C:\Windows\Prefetch\MOFCOMP.EXE-8FE3D558.pf --------- 23348  

 20.03.2011 02:11     C:\Windows\Prefetch\REGTLIBV12.EXE-B7C4F383.pf --------- 22338  

 20.03.2011 02:10     C:\Windows\Prefetch\UNLODCTR.EXE-531FACC7.pf --------- 11176  

 20.03.2011 02:09     C:\Windows\Prefetch\SETUP.EXE-96BA11F2.pf --------- 52818  

 20.03.2011 02:09     C:\Windows\Prefetch\DOTNETFX40_CLIENT_X86.EXE-8137EFC7.pf --------- 22320  

 20.03.2011 02:06     C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf --------- 12522  

 20.03.2011 02:06     C:\Windows\Prefetch\RUNDLL32.EXE-7D689F8C.pf --------- 24724  

 20.03.2011 02:06     C:\Windows\Prefetch\RUNDLL32.EXE-A3D153CD.pf --------- 16790  

 20.03.2011 02:05     C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf --------- 120406  

 20.03.2011 02:05     C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf --------- 51334  

 20.03.2011 02:05     C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf --------- 22810  

 20.03.2011 02:05     C:\Windows\Prefetch\BTWDINS.EXE-0B9926A7.pf --------- 16972  

 20.03.2011 02:05     C:\Windows\Prefetch\SVCHOST.EXE-17944F30.pf --------- 52144  

 20.03.2011 02:05     C:\Windows\Prefetch\SVCHOST.EXE-FEDB32D0.pf --------- 29060  

 20.03.2011 02:05     C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf --------- 13140  

 20.03.2011 02:05     C:\Windows\Prefetch\WLANEXT.EXE-D2CEDC57.pf --------- 24268  

 20.03.2011 01:58     C:\Windows\Prefetch\MPSYSCHK.EXE-933ADA9A.pf --------- 4186  

 20.03.2011 01:57     C:\Windows\Prefetch\MRT.EXE-851529F7.pf --------- 91654  

 20.03.2011 01:57     C:\Windows\Prefetch\WINDOWS-KB890830-V3.17.EXE-F5D84129.pf --------- 23150  

 20.03.2011 01:56     C:\Windows\Prefetch\MRTSTUB.EXE-9AC98119.pf --------- 195770  

 19.03.2011 23:00     C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf --------- 21418  

 19.03.2011 20:58     C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf --------- 15918  

 19.03.2011 20:50     C:\Windows\Prefetch\IEUSER.EXE-7C0FE221.pf --------- 17758  

 19.03.2011 19:44     C:\Windows\Prefetch\FLASHUTIL9F.EXE-B262965D.pf --------- 17116  

 19.03.2011 19:44     C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf --------- 158402  

 19.01.2009 14:01     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 864634  

 19.01.2009 14:01     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  

----------------------------------------
 

 

C:\Windows\Tasks
 

 20.03.2011 02:30     C:\Windows\Tasks\SA.DAT --------- 6  

 20.03.2011 02:29     C:\Windows\Tasks\SCHEDLGU.TXT --------- 15056  

----------------------------------------
 

 

C:\Windows\Temp
 

 20.03.2011 09:37     C:\Windows\Temp\History --------- 0  

 20.03.2011 09:37     C:\Windows\Temp\Cookies --------- 0  

 20.03.2011 09:37     C:\Windows\Temp\Temporary Internet Files --------- 0  

----------------------------------------
 

 

C:\Users\naddel\AppData\Local\Temp
 

 20.03.2011 10:41     C:\Users\naddel\AppData\Local\Temp\Temp1_hjtscanlist.zip --------- 0  

 20.03.2011 09:25     C:\Users\naddel\AppData\Local\Temp\naddel.bmp --------- 31832  

----------------------------------------
 

 

C:\Program Files
 

 20.03.2011 09:12     C:\Program Files\OpenOffice.org 3 --------- 4096  

 20.03.2011 09:10     C:\Program Files\Common Files --------- 4096  

 20.03.2011 09:08     C:\Program Files\Java --------- 0  

 20.03.2011 08:32     C:\Program Files\7-Zip --------- 4096  

 20.03.2011 02:10     C:\Program Files\Microsoft.NET --------- 0  

 20.03.2011 02:02     C:\Program Files\Windows Media Player --------- 4096  

 20.03.2011 02:02     C:\Program Files\Windows Mail --------- 4096  

 20.03.2011 02:02     C:\Program Files\Movie Maker --------- 4096  

 19.03.2011 20:52     C:\Program Files\Internet Explorer --------- 4096  

 19.03.2011 20:36     C:\Program Files\Microsoft Office --------- 4096  

 19.03.2011 20:24     C:\Program Files\Microsoft Small Business --------- 0  

 19.03.2011 19:53     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  

 19.03.2011 19:48     C:\Program Files\CCleaner --------- 0  

 19.03.2011 19:46     C:\Program Files\Mozilla Firefox --------- 12288  

 19.03.2011 19:19     C:\Program Files\Kaspersky Lab --------- 0  

 19.03.2011 19:07     C:\Program Files\InstallShield Installation Information --------- 0  

 19.01.2009 14:01     C:\Program Files\Windows NT --------- 4096  

 19.01.2009 14:01     C:\Program Files\Gemeinsame Dateien --------- 0  

 02.01.2009 08:11     C:\Program Files\Vimicro Corporation --------- 0  

 02.01.2009 07:53     C:\Program Files\Samsung --------- 4096  

 02.01.2009 07:48     C:\Program Files\Microsoft SQL Server --------- 0  

 02.01.2009 07:38     C:\Program Files\MSSOAP --------- 0  

 02.01.2009 07:24     C:\Program Files\Adobe --------- 0  

 02.01.2009 07:22     C:\Program Files\Synaptics --------- 0  

 02.01.2009 07:21     C:\Program Files\WIDCOMM --------- 0  

 02.01.2009 07:18     C:\Program Files\Cisco --------- 0  

 02.01.2009 07:18     C:\Program Files\Intel --------- 0  

 02.01.2009 07:18     C:\Program Files\Atheros WLAN Client --------- 0  

 02.01.2009 07:17     C:\Program Files\Realtek --------- 0  

 02.01.2009 06:59     C:\Program Files\Windows Calendar --------- 0  

 02.01.2009 06:59     C:\Program Files\Windows Sidebar --------- 4096  

 02.01.2009 06:59     C:\Program Files\Windows Journal --------- 4096  

 02.01.2009 06:59     C:\Program Files\Windows Collaboration --------- 4096  

 02.01.2009 06:59     C:\Program Files\Windows Photo Gallery --------- 4096  

 02.01.2009 06:59     C:\Program Files\Windows Defender --------- 4096  

 21.01.2008 03:43     C:\Program Files\desktop.ini --------- 174  

 02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  

 02.11.2006 13:37     C:\Program Files\Microsoft Games --------- 4096  

 02.11.2006 13:37     C:\Program Files\MSBuild --------- 0  

 02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  

----------------------------------------
 

 

C:\ProgramData\.. 
 

naddel    

Public    

Default    

desktop.ini    

Default User    

All Users    

----------------------------------------
 

 

C:\Windows\system32\drivers\etc\hosts
 

127.0.0.1       localhost

::1             localhost
 

----------------------------------------
 

 
 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung

========================= ======== ================ =========== ===============

System Idle Process              0 Services                   0            12 K

System                           4 Services                   0        22.348 K

smss.exe                       516 Services                   0         1.532 K

csrss.exe                      644 Services                   0        11.092 K

wininit.exe                    700 Services                   0        10.864 K

csrss.exe                      708 Console                    1        13.512 K

services.exe                   752 Services                   0        14.400 K

lsass.exe                      764 Services                   0         2.596 K

lsm.exe                        776 Services                   0        10.856 K

winlogon.exe                   836 Console                    1        13.824 K

svchost.exe                    980 Services                   0        18.132 K

svchost.exe                   1048 Services                   0        16.924 K

svchost.exe                   1092 Services                   0        70.604 K

svchost.exe                   1208 Services                   0        29.204 K

svchost.exe                   1256 Services                   0       141.184 K

svchost.exe                   1300 Services                   0        64.472 K

audiodg.exe                   1388 Services                   0        27.012 K

svchost.exe                   1412 Services                   0        13.876 K

SLsvc.exe                     1436 Services                   0        30.896 K

svchost.exe                   1468 Services                   0        43.880 K

svchost.exe                   1644 Services                   0        50.940 K

dwm.exe                       1896 Console                    1        74.004 K

wlanext.exe                   1992 Services                   0        20.912 K

taskeng.exe                    324 Services                   0        34.024 K

spoolsv.exe                    396 Services                   0        38.456 K

svchost.exe                    712 Services                   0        28.404 K

taskeng.exe                   2168 Console                    1        46.496 K

btwdins.exe                   2344 Services                   0        26.280 K

ProtectedObjectsSrv.exe       2484 Services                   0        12.528 K

EvtEng.exe                    2608 Services                   0        50.480 K

sqlservr.exe                  2660 Services                   0        61.236 K

svchost.exe                   2936 Services                   0        15.524 K

RegSrvc.exe                   3120 Services                   0        27.160 K

svchost.exe                   3160 Services                   0        32.308 K

svchost.exe                   3260 Services                   0         5.268 K

SearchIndexer.exe             3304 Services                   0        54.192 K

avp.exe                       2248 Console                    1         5.260 K

avp.exe                       1784 Services                   0        26.076 K

explorer.exe                  4936 Console                    1        71.196 K

firefox.exe                   5320 Console                    1       144.776 K

klwtblfs.exe                  1524 Console                    1         4.140 K

cmd.exe                       4040 Console                    1         2.864 K

conime.exe                    4420 Console                    1         3.296 K

SearchProtocolHost.exe        4140 Services                   0         8.416 K

SearchFilterHost.exe          4076 Services                   0         6.148 K

dllhost.exe                   5916 Console                    1         4.296 K

tasklist.exe                  4916 Console                    1         4.808 K

WmiPrvSE.exe                  3316 Services                   0         6.072 K
 

 

***** Ende des Scans 20.03.2011 um 10:42:08,74 ***

hallo
vielen dank so richtig?

hast Du dein System so zu sagen mit die Recoveryfunktion, PC in Auslieferungszustand zurücksetzt? Wenn ja, damit ist dein Problem behoben?

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

2.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter

3.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Adobe Reader aktualisieren :
Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen!
Adobe Reader
oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.

Zitat:

**Vor dem Löschen temporärer Dateien sollte man unbedingt alle Anwendungen beenden!
**lösche nur den Inhalt der Ordner, nicht die Ordner selbst!
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind,nicht löschbar.

alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
gib in der Suchleiste unter dem Windows Start Button folgendes ein:

Code:

%temp%

Inhalt markieren und löschen:
- anschließend den Papierkorb leeren

5.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

6.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

10000 dank erstmal
hoffe alles erledigt
HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:25:59, on 21.03.2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\naddel\Desktop\HiJackThis204.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Verwaltungsservice vom CryproStorage-System (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
 

--

End of file - 5677 bytes

--- --- ---

hast Du meine Frage übersehen ?:

Zitat:

Zitat von Coverflow (Beitrag 631491)

hast Du dein System so zu sagen mit die Recoveryfunktion, PC in Auslieferungszustand zurücksetzt? Wenn ja, damit ist dein Problem behoben?

upss offenbar ja :-)
ja habe ich allerdings nur laufwerk c
probleme bin nicht sicher
ist eine cpu auslastung von 10-30% wenn nur firefox offen ist den normal?

Zitat:

Zitat von asterixbx (Beitrag 631740)

ist eine cpu auslastung von 10-30% wenn nur firefox offen ist den normal?

eigentlich nicht...andauernd oder oder nur beim Start kurzfristig?

✏ Tipp:
Um eine bessere Übersicht über laufenden Anwendungen und Prozesse, die CPU-Aktivität zu beobachten , kann ich Dir aus eigene Erfahrung auch den -> Prozess explorer Von Mark Russinovich zu empfehlen

Betriebssysteme:
Windows Vista/2003 Server/XP/NT/ME/98/95/2000