Trojaner-Board


asterixbx 19.03.2011 09:50

load exe only partially works

hello forum
since I have already received very competent help here once,
I am turning to you today with a different problem.
my laptop (Vista Home Premium and Firefox) has problems with the browser,
i.e. it opens slowly, sometimes not at all; the computer is slower in general, with constantly high CPU load.
I therefore tried to follow the load exe instructions.
this works up to the point where the otl exe hangs,
namely at the firefox settings step.
how could I proceed?
malwarebytes found nothing

thanks in advance :dankeschoen:

kira 19.03.2011 21:51

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded. INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so severely compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vB code tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
► The problems probably did not come out of the blue, so please briefly answer the following questions:

Have you recently:
  ♦ Changed anything on your system?
  ♦ Installed programs/add-ons & toolbars/drivers/games, pulled an update, etc., and were the sources safe?
  ♦ Do you use external storage media such as a USB stick, hard disk, etc.? Have you connected these to someone else's computer? Or has someone else plugged theirs into your PC?
  ♦ Changed/deleted something in the registry, or used RegCleaner/optimizer tools, etc.?
  ♦ In the past or recently: was your system infected or hit by viruses? If so, which methods did you use to remove them? Please post any existing logs

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"

1.
Download HijackThis 2.0.4 from *here*
Start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting log file → "copy" → "paste" it here in your thread (right mouse button)

2.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work you can undo this again!

3.
→ Download HJTscanlist.zip
→ unpack the file onto your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system; for Win7 choose Vista
→ When you are asked, choose the option "Einstellung" (1) - "scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

4.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → if necessary, set "german" under Options settings
then click on "Extra" (to display the installed programs as well) → continue with "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them here

Quote:

To keep your thread clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here, e.g. hjtscanlist or other
→ after it, i.e. at the end of the log file: [/code]

regards
Coverflow
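
The advice above to remove identifying details from a log or replace them with [X] before posting can be scripted. The following is an added example, not part of the original post and not a feature of any tool named in this thread; the function names and the sample log lines are constructed for illustration, and it covers only the computer name, the user name and profile-folder names as they appear in an OTL-style log.

```python
import re

# Header line as written at the top of an OTL log:
# "Computer Name: HOST | User Name: user | Logged in as ..."
HEADER_RE = re.compile(
    r"Computer Name:\s*(?P<host>[^|\r\n]+?)\s*\|\s*User Name:\s*(?P<user>[^|\r\n]+?)\s*\|"
)
# Profile folder component in Windows paths (Vista+ and XP layouts).
PROFILE_RE = re.compile(
    r"\\(?:Users|Documents and Settings|Dokumente und Einstellungen)\\([^\\\r\n]+)\\",
    re.IGNORECASE,
)
# Built-in profile folders that identify nobody and should stay readable.
SYSTEM_PROFILES = {"public", "default", "default user", "all users"}
PLACEHOLDER = "[X]"

# Constructed sample input (not taken from any real log).
SAMPLE_LOG = r"""Computer Name: ALICE-PC | User Name: alice | Logged in as Administrator.
PRC - [2011.03.19 20:51:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\alice\Desktop\OTL.exe
[2011.03.19 19:46:14 | 000,000,000 | ---D | C] -- C:\Users\ALICE\AppData\Roaming\Mozilla
[2011.03.19 19:46:14 | 000,000,000 | ---D | C] -- C:\Users\bob\AppData\Local\Temp
[2011.03.19 19:46:14 | 000,000,000 | ---- | C] -- C:\Users\Public\Desktop\tool.lnk
"""


def find_identifiers(log_text):
    """Collect host, user and profile-folder names, longest first."""
    found = {}
    header = HEADER_RE.search(log_text)
    if header:
        for value in header.group("host", "user"):
            found.setdefault(value.lower(), value)
    for match in PROFILE_RE.finditer(log_text):
        name = match.group(1)
        if name.lower() not in SYSTEM_PROFILES:
            found.setdefault(name.lower(), name)
    # Longest first so "ALICE-PC" is replaced as a whole before "alice".
    return sorted(found.values(), key=len, reverse=True)


def redact_otl_log(log_text):
    """Return (redacted_text, number_of_replacements)."""
    identifiers = find_identifiers(log_text)
    if not identifiers:
        return log_text, 0
    alternatives = "|".join(re.escape(i) for i in identifiers)
    # The look-arounds stop a short name from matching inside a longer word,
    # e.g. a user called "admin" must not alter "Administrator".
    pattern = re.compile(
        r"(?<![A-Za-z0-9])(?:%s)(?![A-Za-z0-9])" % alternatives, re.IGNORECASE
    )
    return pattern.subn(PLACEHOLDER, log_text)


if __name__ == "__main__":
    redacted, count = redact_otl_log(SAMPLE_LOG)
    print(redacted)
    print("replacements:", count)
```

Other personal details that can appear in a log, such as serial numbers or folder names chosen by the user, still need a manual read-through before posting.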

asterixbx 20.03.2011 08:22

hello
thanks for your answer
however, in the meantime I have already used the recovery function from Samsung,
downloaded load exe again and worked through it (that also worked)
so here are the logs now (I hope that wasn't too stupid)
Code:

OTL logfile created on: 19.03.2011 21:15:41 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\naddel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 81,29 Gb Free Space | 73,98% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 84,01 Gb Free Space | 76,37% Space Free | Partition Type: NTFS
 
Computer Name: NADDEL-PC | User Name: naddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.19 20:51:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe
PRC - [2011.03.03 19:28:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.10.01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010.10.01 22:05:24 | 000,207,448 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2006.04.14 02:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.19 20:51:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe
MOD - [2010.10.01 22:05:42 | 000,129,624 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky PURE\shellex.dll
MOD - [2010.09.20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008.07.27 19:03:14 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll
MOD - [2008.07.27 19:03:14 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll
MOD - [2008.01.21 03:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.10.01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.19 19:18:51 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009.12.14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009.12.14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008.04.27 03:07:00 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.05.23 09:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.19 19:46:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 19:46:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011.03.19 19:20:21 | 000,000,000 | ---D | M]
 
[2011.03.19 19:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\naddel\AppData\Roaming\mozilla\Extensions
[2011.03.19 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\naddel\AppData\Roaming\mozilla\Firefox\Profiles\ejwjxsgd.default\extensions
[2011.03.19 20:39:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\naddel\AppData\Roaming\mozilla\Firefox\Profiles\ejwjxsgd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.19 20:39:06 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\naddel\AppData\Roaming\mozilla\Firefox\Profiles\ejwjxsgd.default\extensions\firefox@ghostery.com
[2011.03.19 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.19 20:56:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.03.19 20:56:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: D:\pics\2010-07-04 muck\muck 015.JPG
O24 - Desktop BackupWallPaper: D:\pics\2010-07-04 muck\muck 015.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.19 21:12:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.19 21:12:07 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.19 21:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.19 20:52:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.03.19 20:51:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\naddel\Desktop\TFC.exe
[2011.03.19 20:51:00 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\naddel\Desktop\Erunt-setup.exe
[2011.03.19 20:50:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe
[2011.03.19 20:45:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.03.19 20:45:21 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.03.19 20:45:21 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.03.19 20:45:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.03.19 20:45:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.03.19 20:45:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.03.19 20:45:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.03.19 20:45:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.03.19 20:45:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.03.19 20:45:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.03.19 20:45:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.03.19 20:45:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.03.19 20:45:19 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.03.19 20:45:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.03.19 20:45:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.03.19 20:45:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.03.19 20:45:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.03.19 20:41:42 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.03.19 20:41:42 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.03.19 20:41:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.03.19 20:41:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.03.19 20:41:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011.03.19 20:41:41 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.03.19 20:41:41 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.03.19 20:41:41 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.03.19 20:41:41 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.03.19 20:41:41 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.03.19 20:41:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.03.19 20:41:40 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011.03.19 20:41:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.03.19 20:41:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.03.19 20:41:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.03.19 20:41:39 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.03.19 20:41:39 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.03.19 20:41:39 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.19 20:41:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.03.19 20:41:38 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.03.19 20:41:38 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.03.19 20:41:38 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011.03.19 20:41:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.03.19 20:41:38 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.03.19 20:41:38 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011.03.19 20:40:25 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.03.19 20:24:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.19 20:16:48 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Local\Adobe
[2011.03.19 20:16:32 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.03.19 20:16:32 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.03.19 20:16:31 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.03.19 20:16:31 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.03.19 20:16:31 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.03.19 20:16:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.03.19 20:16:30 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.03.19 20:16:28 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.03.19 20:11:35 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.03.19 20:11:29 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.03.19 20:11:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.03.19 20:09:01 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.03.19 20:08:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.03.19 20:08:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.03.19 20:06:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.03.19 20:06:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.03.19 20:06:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.03.19 20:06:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.03.19 20:06:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.03.19 20:06:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.03.19 20:06:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.03.19 20:06:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.03.19 20:06:43 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.03.19 20:06:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.03.19 20:06:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.03.19 20:06:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.03.19 20:06:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.03.19 20:06:40 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.03.19 20:06:40 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.03.19 20:06:40 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.03.19 19:54:00 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Malwarebytes
[2011.03.19 19:53:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.19 19:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.19 19:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.19 19:53:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.19 19:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.19 19:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.03.19 19:48:12 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.19 19:47:55 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011.03.19 19:47:53 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.03.19 19:47:53 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.03.19 19:47:52 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.03.19 19:47:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.03.19 19:47:46 | 002,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.03.19 19:47:45 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.03.19 19:47:45 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.03.19 19:47:45 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.03.19 19:46:50 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.03.19 19:46:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.03.19 19:46:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.03.19 19:46:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011.03.19 19:46:14 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Mozilla
[2011.03.19 19:46:14 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Local\Mozilla
[2011.03.19 19:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.03.19 19:46:08 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.19 19:45:19 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.03.19 19:45:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011.03.19 19:45:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011.03.19 19:45:02 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.03.19 19:45:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.03.19 19:45:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.03.19 19:44:56 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.03.19 19:44:43 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.03.19 19:44:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.03.19 19:44:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011.03.19 19:44:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011.03.19 19:44:02 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.03.19 19:44:02 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.03.19 19:44:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.03.19 19:44:01 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.03.19 19:44:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.03.19 19:44:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.03.19 19:44:01 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.03.19 19:44:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.03.19 19:44:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.03.19 19:43:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.03.19 19:43:46 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.03.19 19:43:34 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011.03.19 19:43:26 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.03.19 19:43:24 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.03.19 19:43:24 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.03.19 19:43:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.03.19 19:43:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.03.19 19:43:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.03.19 19:43:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011.03.19 19:29:53 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.03.19 19:29:40 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011.03.19 19:29:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.03.19 19:29:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.03.19 19:29:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.03.19 19:29:38 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.03.19 19:26:18 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.03.19 19:21:05 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2011.03.19 19:21:05 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2011.03.19 19:21:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.03.19 19:19:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch
[2011.03.19 19:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2011.03.19 19:19:08 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2011.03.19 19:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.03.19 19:18:51 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.03.19 19:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.03.19 19:05:33 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.03.19 19:05:33 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.03.19 19:05:14 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.03.19 19:05:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.03.19 19:02:48 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Macromedia
[2011.03.19 19:02:16 | 000,000,000 | ---D | C] -- C:\Users\naddel\AppData\Roaming\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.19 21:18:17 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.19 21:18:17 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.19 21:18:17 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.19 21:18:17 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.19 21:15:55 | 000,786,432 | -HS- | M] () -- C:\Users\naddel\NTUSER.bak
[2011.03.19 21:12:08 | 000,000,733 | ---- | M] () -- C:\Users\naddel\Desktop\NTREGOPT.lnk
[2011.03.19 21:12:08 | 000,000,714 | ---- | M] () -- C:\Users\naddel\Desktop\ERUNT.lnk
[2011.03.19 21:09:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.19 21:09:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.19 21:09:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.19 21:08:40 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.19 20:55:26 | 000,371,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.19 20:51:10 | 000,301,568 | ---- | M] () -- C:\Users\naddel\Desktop\g2m3e4r.exe
[2011.03.19 20:51:08 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\naddel\Desktop\Erunt-setup.exe
[2011.03.19 20:51:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\OTL.exe
[2011.03.19 20:51:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\naddel\Desktop\TFC.exe
[2011.03.19 20:48:50 | 000,739,024 | ---- | M] () -- C:\Users\naddel\Desktop\Load.exe
[2011.03.19 20:27:30 | 000,004,608 | ---- | M] () -- C:\Users\naddel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.19 19:38:03 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.03.19 19:38:03 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.03.19 19:18:51 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Users\naddel\Desktop\Anleitung.html
 
========== Files Created - No Company Name ==========
 
[2011.03.19 21:12:08 | 000,000,733 | ---- | C] () -- C:\Users\naddel\Desktop\NTREGOPT.lnk
[2011.03.19 21:12:08 | 000,000,714 | ---- | C] () -- C:\Users\naddel\Desktop\ERUNT.lnk
[2011.03.19 20:51:05 | 000,301,568 | ---- | C] () -- C:\Users\naddel\Desktop\g2m3e4r.exe
[2011.03.19 20:48:44 | 000,739,024 | ---- | C] () -- C:\Users\naddel\Desktop\Load.exe
[2011.03.19 20:45:19 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.03.19 20:27:28 | 000,004,608 | ---- | C] () -- C:\Users\naddel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.19 20:06:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.03.19 20:06:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.03.19 20:06:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.03.19 19:21:37 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.03.19 19:21:36 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Users\naddel\Desktop\Anleitung.html
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.01.02 08:06:55 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.02 08:06:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.02 07:27:20 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009.01.02 07:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.01.02 07:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.01.02 07:18:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2009.01.02 07:18:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2009.01.02 07:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.01.02 06:59:29 | 000,675,412 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.02 06:59:29 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.02 06:59:29 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.02 06:59:29 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.02 06:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.02 06:51:04 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.01.02 06:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2009.01.02 06:51:03 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.01.02 06:51:03 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,371,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.01.19 14:06:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.19 21:14:37 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.03.19 20:54:52 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.19 14:01:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.01.02 07:11:12 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.19 21:12:07 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.19 20:57:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.19 14:01:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.01.02 09:58:44 | 000,000,000 | ---D | M] -- C:\SoftwareMedia
[2011.03.19 21:16:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.01.19 14:04:44 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.19 21:12:52 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-19 20:01:03

< End of report >


asterixbx 20.03.2011 08:24

Code:

netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT


asterixbx 20.03.2011 08:27

Code:

OTL Extras logfile created on: 19.03.2011 21:15:41 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\naddel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 81,29 Gb Free Space | 73,98% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 84,01 Gb Free Space | 76,37% Space Free | Partition Type: NTFS
 
Computer Name: NADDEL-PC | User Name: naddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08782777-94B8-44E8-AA07-B1E4F0F4A474}" = rport=445 | protocol=6 | dir=out | app=system |
"{12AB104A-E938-404F-9B41-DD23CDDE9599}" = rport=139 | protocol=6 | dir=out | app=system |
"{8215C804-CC01-4D49-8073-0D42F3AF207C}" = lport=139 | protocol=6 | dir=in | app=system |
"{8DC3E374-2DF0-45B0-968B-35C7A861AFB1}" = rport=137 | protocol=17 | dir=out | app=system |
"{91515D9A-CFC0-48B2-8D93-0E66375E8C5B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9B9CA6AC-10B4-4B93-AE04-5058F56965B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA4E12F9-AAEF-4906-8ACD-2871ADB09E2B}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC5A22E5-8CEB-4CE8-8BA4-F4CDAAC59666}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E509645C-597E-414A-812F-2BC8FE6AAA3F}" = lport=445 | protocol=6 | dir=in | app=system |
"{FAB8703C-98E2-4E1E-9ECC-62281DB3953F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8CE50534-1F10-49A3-B44F-231FB163DF50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DB194223-34BF-490F-A76B-A1B7696C7970}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F385A3FA-E383-4D39-A7A7-3DFB18005856}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F65F453C-F880-4F76-B59C-6B030919B1D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2009 09:01:22 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2011 13:48:29 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2011 13:51:54 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2011 14:17:08 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2011 15:56:40 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2011 16:10:29 | Computer Name = naddel-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 19.03.2011 14:06:08 | Computer Name = naddel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 19.03.2011 14:16:00 | Computer Name = naddel-PC | Source = HTTP | ID = 15016
Description =
 
Error - 19.03.2011 14:17:08 | Computer Name = naddel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.03.2011 14:17:46 | Computer Name = naddel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >


asterixbx 20.03.2011 08:50

and here is gmer as a zip as well
many thanks to everyone who takes the time

kira 20.03.2011 10:13

Please be so kind and work through the points from here: -> http://www.trojaner-board.de/96622-l...tml#post631171

asterixbx 20.03.2011 10:38

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:14, on 20.03.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Users\naddel\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Verwaltungsservice vom CryproStorage-System (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 4763 bytes


asterixbx 20.03.2011 10:40

Code:

7-Zip 9.20                19.03.2011        3,54MB       
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        18.03.2011                10.2.152.32
Adobe Flash Player ActiveX        Adobe Systems Incorporated        07.01.2009                9.0.124.0
Adobe Reader 8.1.2 - Deutsch        Adobe Systems Incorporated        01.01.2009        99,6MB        8.1.2
Atheros WLAN Client                07.01.2009        1,02MB        1.00.000
CCleaner        Piriform        18.03.2011        3,55MB        3.04
Easy Battery Manager        Samsung        07.01.2009        7,89MB        3.2.1.7
Easy Display Manager        Samsung        01.01.2009        11,4MB        2.0.0.0
Easy Network Manager 3.0        Ihr Firmenname        01.01.2009        36,9MB        3.0.0.0
Easy SpeedUp Manager                07.01.2009        3,69MB        2.0.1.3
imagine digital freedom - Samsung        Samsung Electronics Co. Ltd.,        01.01.2009        7,50MB        1.0.2.2
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        07.01.2009               
Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        01.01.2009        78,3MB        12.00.4000
Intel® Matrix Storage Manager        Intel Corporation        07.01.2009        0,79MB       
Java(TM) 6 Update 22        Oracle        19.03.2011        97,1MB        6.0.220
Kaspersky PURE        Kaspersky Lab        18.03.2011        102,7MB        9.1.0.124
Malwarebytes' Anti-Malware        Malwarebytes Corporation        18.03.2011        4,80MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        18.03.2011        27,8MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        19.03.2011        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        19.03.2011        24,5MB        4.0.30319
Microsoft Office 2003 Web Components        Microsoft Corporation        01.01.2009        21,7MB        11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        01.01.2009        7,23MB        12.0.4518.1014
Microsoft Office Small Business Connectivity Components        Microsoft Corporation        01.01.2009        0,15MB        2.0.7024.0
Microsoft SQL Server 2005        Microsoft Corporation        01.01.2009        42,7MB       
Microsoft SQL Server Native Client        Microsoft Corporation        01.01.2009        2,59MB        9.00.2047.00
Microsoft SQL Server VSS Writer        Microsoft Corporation        01.01.2009        0,68MB        9.00.2047.00
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        19.03.2011        0,58MB        9.0.30729.4148
Mozilla Firefox (3.6.15)        Mozilla        18.03.2011        27,7MB        3.6.15 (de)
Namuga 1.3M Webcam        Vimicro Corporation        01.01.2009        1,86MB        1.00.0000
OpenOffice.org 3.3        OpenOffice.org        19.03.2011        413MB        3.3.9567
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        01.01.2009        11,4MB        6.0.1.5605
Samsung Magic Doctor        Samsung Electronics Co., LTD        07.01.2009        15,7MB        5.0
Samsung Recovery Solution III        Samsung        01.01.2009        36,5MB        3.0.0.7
Samsung Update Plus        Samsung Electronics Co., Ltd.        18.03.2011        8,15MB        2.0
Synaptics Pointing Device Driver        Synaptics        01.01.2009        13,6MB        10.1.2.0
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        01.01.2009        23,2MB        9.00.2047.00
User Guide                07.01.2009        27,6MB        1.0
Vimicro UVC Camera        Vimicro Corporation        01.01.2009        2,15MB        1.00.0000
WIDCOMM Bluetooth Software 6.0.1.6300        WIDCOMM, Inc.        01.01.2009        35,5MB        6.0.1.6300


asterixbx 20.03.2011 10:44

Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6001]
 
 
C:

  20.03.2011 10:32    C:\Windows --------- 28672 
  20.03.2011 09:24    C:\Program Files --------- 12288 
  20.03.2011 09:23    C:\ProgramData --------- 8192 
  20.03.2011 09:22    C:\System Volume Information --------- 24576 
      C:\hiberfil.sys ---------   
      C:\pagefile.sys ---------   
  19.03.2011 21:14    C:\Boot --------- 4096 
  19.01.2009 14:06    C:\$Recycle.Bin --------- 0 
  19.01.2009 14:04    C:\Users --------- 4096 
  19.01.2009 14:01    C:\Programme --------- 0 
  19.01.2009 14:01    C:\Dokumente und Einstellungen --------- 0 
  05.01.2009 09:14    C:\IO.SYS --------- 0 
  05.01.2009 09:14    C:\MSDOS.SYS --------- 0 
  02.01.2009 09:58    C:\SoftwareMedia --------- 24576 
  02.01.2009 08:12    C:\Setup.log --------- 185 
  02.01.2009 07:17    C:\RHDSetup.log --------- 366 
  02.01.2009 07:11    C:\Intel --------- 0 
  08.02.2008 10:31    C:\BOOTSECT.BAK --------- 8192 
  21.01.2008 03:32    C:\PerfLogs --------- 0 
  21.01.2008 03:24    C:\bootmgr --------- 333203 
  02.11.2006 14:02    C:\Documents and Settings --------- 0 
  18.09.2006 22:43    C:\config.sys --------- 10 
  18.09.2006 22:43    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  20.03.2011 10:32    C:\Windows\setupact.log --------- 0 
  20.03.2011 10:32    C:\Windows\setuperr.log --------- 0 
  20.03.2011 10:00    C:\Windows\ntbtlog.txt --------- 132 
  20.03.2011 07:57    C:\Windows\bootstat.dat --------- 67584 
  20.03.2011 03:46    C:\Windows\WindowsUpdate.log --------- 2022130 
  19.03.2011 20:32    C:\Windows\win.ini --------- 128 
  02.01.2009 08:55    C:\Windows\Report.htm --------- 50816 
  02.01.2009 08:12    C:\Windows\HotFixList.ini --------- 4860 
  02.01.2009 07:38    C:\Windows\Csup.txt --------- 10 
  02.01.2009 07:17    C:\Windows\DIFxAPI.dll --------- 319456 
  02.01.2009 07:17    C:\Windows\HideWin.exe --------- 315392 
  02.01.2009 06:59    C:\Windows\CBS.log.bootstrap.perf --------- 65536 
  02.01.2009 06:59    C:\Windows\CBS.log.bootstrap.dpx --------- 65536 
  02.01.2009 06:59    C:\Windows\CBS.log.bootstrap --------- 196608 
  02.01.2009 06:59    C:\Windows\CBS.log.perf --------- 131072 
  02.01.2009 06:59    C:\Windows\CBS.log.dpx --------- 131072 
  29.10.2008 07:29    C:\Windows\explorer.exe --------- 2927104 
  21.10.2008 12:00    C:\Windows\HotfixChecker.exe --------- 405504 
  24.07.2008 04:28    C:\Windows\SetDisplayResolution.exe --------- 307200 
  28.05.2008 05:51    C:\Windows\SetDisplayResolutionDT.xml --------- 3282 
  28.05.2008 05:51    C:\Windows\SetDisplayResolutionNP.xml --------- 3282 
  19.05.2008 08:22    C:\Windows\AMCapIco.ico --------- 1078 
  17.04.2008 03:50    C:\Windows\RtHDVCpl.exe --------- 6111232 
  02.04.2008 01:27    C:\Windows\RtlUpd.exe --------- 1196032 
  05.03.2008 10:07    C:\Windows\RtlExUpd.dll --------- 520192 
  12.02.2008 05:19    C:\Windows\BtwIEProxy.exe --------- 285224 
  21.01.2008 03:43    C:\Windows\WindowsShell.Manifest --------- 749 
  21.01.2008 03:24    C:\Windows\regedit.exe --------- 134656 
  21.01.2008 03:24    C:\Windows\bfsvc.exe --------- 58880 
  21.01.2008 03:24    C:\Windows\fveupdate.exe --------- 13312 
  21.01.2008 03:24    C:\Windows\HelpPane.exe --------- 498176 
  21.01.2008 03:23    C:\Windows\notepad.exe --------- 151040 
  14.11.2007 07:18    C:\Windows\USetup.iss --------- 553 
  14.06.2007 16:36    C:\Windows\SMCM.exe --------- 319488 
  26.02.2007 08:49    C:\Windows\imagine digital freedom.dat --------- 6139774 
  26.02.2007 08:49    C:\Windows\imagine digital freedom.scr --------- 1744896 
  03.12.2006 09:00    C:\Windows\SMCM.dll --------- 172032 
  02.11.2006 13:35    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 13:34    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 13:34    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 13:34    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 13:34    C:\Windows\twain.dll --------- 94784 
  02.11.2006 10:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 10:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 08:46    C:\Windows\mib.bin --------- 43131 
  19.09.2006 12:41    C:\Windows\HomePremium.xml --------- 8328 
  18.09.2006 22:46    C:\Windows\system.ini --------- 219 
  18.09.2006 22:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 22:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 22:30    C:\Windows\msdfmap.ini --------- 1405 
  13.09.2006 06:21    C:\Windows\ebm.reg --------- 2438 
  29.09.2005 08:26    C:\Windows\Product.ico --------- 8990 
  26.02.2002 10:47    C:\Windows\uninstall.ico --------- 15086 
----------------------------------------

 
C:\Windows\System

 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532
----------------------------------------

 
C:\Windows\System32

 20.03.2011 10:32    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 4784 
 20.03.2011 10:32    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 4784 
 20.03.2011 09:08    C:\Windows\system32\javaws.exe --------- 153376 
 20.03.2011 09:08    C:\Windows\system32\javaw.exe --------- 145184 
 20.03.2011 09:08    C:\Windows\system32\java.exe --------- 145184 
 20.03.2011 09:08    C:\Windows\system32\deployJava1.dll --------- 472808 
 20.03.2011 08:00    C:\Windows\system32\perfh009.dat --------- 642704 
 20.03.2011 08:00    C:\Windows\system32\perfc009.dat --------- 121592 
 20.03.2011 08:00    C:\Windows\system32\perfh007.dat --------- 685712 
 20.03.2011 08:00    C:\Windows\system32\perfc007.dat --------- 149980 
 20.03.2011 08:00    C:\Windows\system32\PerfStringBackup.INI --------- 1592750 
 20.03.2011 02:29    C:\Windows\system32\drivers --------- 65536 
 20.03.2011 02:12    C:\Windows\system32\de-DE --------- 196608 
 20.03.2011 02:10    C:\Windows\system32\en-US --------- 147456 
 20.03.2011 02:08    C:\Windows\system32\catroot --------- 4096 
 20.03.2011 02:04    C:\Windows\system32\FNTCACHE.DAT --------- 371072 
 20.03.2011 02:02    C:\Windows\system32\wbem --------- 65536 
 20.03.2011 01:53    C:\Windows\system32\catroot2 --------- 4096 
 20.03.2011 01:52    C:\Windows\system32\x64 --------- 0 
 19.03.2011 21:14    C:\Windows\system32\config --------- 16384 
 19.03.2011 20:52    C:\Windows\system32\migration --------- 0 
 19.03.2011 20:52    C:\Windows\system32\manifeststore --------- 0 
 19.03.2011 20:52    C:\Windows\system32\XPSViewer --------- 0 
 19.03.2011 20:52    C:\Windows\system32\WindowsPowerShell --------- 0 
 19.03.2011 19:21    C:\Windows\system32\DRVSTORE --------- 0 
 19.03.2011 19:08    C:\Windows\system32\WDI --------- 4096 
 19.03.2011 19:07    C:\Windows\system32\Tasks --------- 4096 
 19.03.2011 19:05    C:\Windows\system32\restore --------- 0 
 19.03.2011 18:53    C:\Windows\system32\NDF --------- 0 
 02.03.2011 19:56    C:\Windows\system32\mrt.exe --------- 37943240 
 02.02.2011 18:11    C:\Windows\system32\MpSigStub.exe --------- 222080 
 21.01.2011 16:46    C:\Windows\system32\shlwapi.dll --------- 351744 
 21.01.2011 16:46    C:\Windows\system32\shell32.dll --------- 11582464 
 08.01.2011 08:50    C:\Windows\system32\atmlib.dll --------- 34304 
 08.01.2011 06:57    C:\Windows\system32\atmfd.dll --------- 292352 
 31.12.2010 14:25    C:\Windows\system32\win32k.sys --------- 2038784 
 29.12.2010 18:41    C:\Windows\system32\sbeio.dll --------- 153088 
 29.12.2010 18:41    C:\Windows\system32\sbe.dll --------- 323072 
 29.12.2010 18:41    C:\Windows\system32\EncDec.dll --------- 429056 
 29.12.2010 18:39    C:\Windows\system32\mpg2splt.ax --------- 177664 
 28.12.2010 15:57    C:\Windows\system32\odbc32.dll --------- 409600 
 18.12.2010 07:27    C:\Windows\system32\wininet.dll --------- 916480 
 18.12.2010 07:26    C:\Windows\system32\urlmon.dll --------- 1210880 
 18.12.2010 07:25    C:\Windows\system32\occache.dll --------- 206848 
 18.12.2010 07:23    C:\Windows\system32\mstime.dll --------- 611840 
 18.12.2010 07:23    C:\Windows\system32\mshtmled.dll --------- 66560 
 18.12.2010 07:23    C:\Windows\system32\mshtml.dll --------- 5961216 
 18.12.2010 07:23    C:\Windows\system32\msfeedsbs.dll --------- 55296 
 18.12.2010 07:23    C:\Windows\system32\msfeeds.dll --------- 602112 
 18.12.2010 07:22    C:\Windows\system32\licmgr10.dll --------- 43520 
 18.12.2010 07:22    C:\Windows\system32\jsproxy.dll --------- 25600 
 18.12.2010 07:22    C:\Windows\system32\inetcpl.cpl --------- 1469440 
 18.12.2010 07:22    C:\Windows\system32\ieui.dll --------- 164352 
 18.12.2010 07:22    C:\Windows\system32\iesysprep.dll --------- 109056 
 18.12.2010 07:22    C:\Windows\system32\iertutil.dll --------- 1991680 
 18.12.2010 07:22    C:\Windows\system32\iesetup.dll --------- 71680 
 18.12.2010 07:22    C:\Windows\system32\iernonce.dll --------- 55808 
 18.12.2010 07:22    C:\Windows\system32\iepeers.dll --------- 184320 
 18.12.2010 07:22    C:\Windows\system32\ieframe.dll --------- 11080704 
 18.12.2010 07:22    C:\Windows\system32\iedkcs32.dll --------- 387584 
 18.12.2010 06:25    C:\Windows\system32\html.iec --------- 385024 
 18.12.2010 05:48    C:\Windows\system32\ieUnatt.exe --------- 133632 
 18.12.2010 05:48    C:\Windows\system32\ie4uinit.exe --------- 173568 
 18.12.2010 05:47    C:\Windows\system32\msfeedssync.exe --------- 13312 
 18.12.2010 05:47    C:\Windows\system32\mshtml.tlb --------- 1638912 
 18.12.2010 04:12    C:\Windows\system32\ieuinit.inf --------- 57667 
 17.12.2010 17:43    C:\Windows\system32\mstscax.dll --------- 2067456 
 17.12.2010 16:06    C:\Windows\system32\mstsc.exe --------- 677888 
 14.12.2010 16:49    C:\Windows\system32\sdclt.exe --------- 1169408 
 06.11.2010 12:10    C:\Windows\system32\wmicmiplugin.dll --------- 345088 
 06.11.2010 12:10    C:\Windows\system32\taskschd.dll --------- 357376 
 06.11.2010 12:10    C:\Windows\system32\taskcomp.dll --------- 270336 
 06.11.2010 12:09    C:\Windows\system32\schedsvc.dll --------- 603648 
 05.11.2010 01:53    C:\Windows\system32\taskeng.exe --------- 171520 
 28.10.2010 13:56    C:\Windows\system32\tzres.dll --------- 2048 
 18.10.2010 15:01    C:\Windows\system32\consent.exe --------- 81920 
 15.10.2010 15:08    C:\Windows\system32\ntoskrnl.exe --------- 3548048 
 15.10.2010 15:08    C:\Windows\system32\ntkrnlpa.exe --------- 3600272 
 15.10.2010 14:48    C:\Windows\system32\ntdll.dll --------- 1205080 
 01.10.2010 22:05    C:\Windows\system32\klogon.dll --------- 219736 
 20.09.2010 10:25    C:\Windows\system32\msshsq.dll --------- 231936 
 10.09.2010 19:18    C:\Windows\system32\wmp.dll --------- 10626560 
 10.09.2010 17:37    C:\Windows\system32\wmploc.DLL --------- 8147456 
 31.08.2010 16:41    C:\Windows\system32\mfc40u.dll --------- 954288 
 31.08.2010 16:41    C:\Windows\system32\mfc40.dll --------- 954752 
 31.08.2010 16:40    C:\Windows\system32\comctl32.dll --------- 531968 
 26.08.2010 17:07    C:\Windows\system32\t2embed.dll --------- 157184 
 26.08.2010 17:01    C:\Windows\system32\Apphlpdm.dll --------- 28672 
 26.08.2010 15:11    C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 
 25.08.2010 19:58    C:\Windows\system32\iglhxs32.vp --------- 51432 
 25.08.2010 19:46    C:\Windows\system32\TVWSetup.exe --------- 8198680 
 25.08.2010 19:45    C:\Windows\system32\igxpun.exe --------- 948760 
 25.08.2010 19:45    C:\Windows\system32\igfxtray.exe --------- 136216 
 25.08.2010 19:45    C:\Windows\system32\igfxsrvc.exe --------- 266776 
 25.08.2010 19:45    C:\Windows\system32\igfxpers.exe --------- 170520 
 25.08.2010 19:45    C:\Windows\system32\igfxext.exe --------- 179224 
 25.08.2010 19:45    C:\Windows\system32\hkcmd.exe --------- 171032 
 25.08.2010 19:45    C:\Windows\system32\GfxUI.exe --------- 3156504 
 25.08.2010 19:39    C:\Windows\system32\igfxCoIn_v2202.dll --------- 81920 
 25.08.2010 19:31    C:\Windows\system32\igdumd32.dll --------- 4967424 
----------------------------------------

 
C:\Windows\Prefetch

 20.03.2011 10:42    C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 7968 
 20.03.2011 10:41    C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 18154 
 20.03.2011 10:41    C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 20124 
 20.03.2011 10:41    C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf --------- 13480 
 20.03.2011 10:41    C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 19808 
 20.03.2011 10:41    C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf --------- 17924 
 20.03.2011 10:37    C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 18882 
 20.03.2011 10:37    C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 36172 
 20.03.2011 10:37    C:\Windows\Prefetch\HIJACKTHIS.EXE-AE12BD51.pf --------- 28724 
 20.03.2011 10:33    C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 21506 
 20.03.2011 10:33    C:\Windows\Prefetch\VSSVC.EXE-E0890B66.pf --------- 26918 
 20.03.2011 10:33    C:\Windows\Prefetch\SYSTEMPROPERTIESADVANCED.EXE-E431BE9E.pf --------- 33956 
 20.03.2011 10:32    C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3626005964-2313589623-603134117-1003.db --------- 1169466 
 20.03.2011 10:32    C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3626005964-2313589623-603134117-1003.db --------- 1211666 
 20.03.2011 10:32    C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf --------- 115478 
 20.03.2011 10:28    C:\Windows\Prefetch\KLWTBLFS.EXE-A8FD5CB0.pf --------- 14586 
 20.03.2011 10:28    C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 277842 
 20.03.2011 10:28    C:\Windows\Prefetch\LOGON.SCR-E8EC8B4D.pf --------- 30458 
 20.03.2011 10:17    C:\Windows\Prefetch\AVP.EXE-5C223B5E.pf --------- 261328 
 20.03.2011 10:10    C:\Windows\Prefetch\LOGON.SCR-30601369.pf --------- 36228 
 20.03.2011 10:02    C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1173115 
 20.03.2011 10:02    C:\Windows\Prefetch\AgGlFaultHistory.db --------- 541821 
 20.03.2011 10:02    C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2398181 
 20.03.2011 10:02    C:\Windows\Prefetch\AgRobust.db --------- 848388 
 20.03.2011 09:59    C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf --------- 58836 
 20.03.2011 09:59    C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf --------- 32156 
 20.03.2011 09:57    C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 24214 
 20.03.2011 09:32    C:\Windows\Prefetch\WINMAIL.EXE-1092D371.pf --------- 242714 
 20.03.2011 09:31    C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf --------- 54942 
 20.03.2011 09:29    C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf --------- 86586 
 20.03.2011 09:29    C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf --------- 13982 
 20.03.2011 09:28    C:\Windows\Prefetch\DFRGUI.EXE-C853DD35.pf --------- 20014 
 20.03.2011 09:27    C:\Windows\Prefetch\OSE.EXE-533D8AC9.pf --------- 15334 
 20.03.2011 09:27    C:\Windows\Prefetch\CLEANMGR.EXE-E3C5E89D.pf --------- 120994 
 20.03.2011 09:25    C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --------- 191882 
 20.03.2011 09:25    C:\Windows\Prefetch\TFC.EXE-C4B8EE90.pf --------- 55054 
 20.03.2011 09:25    C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf --------- 18196 
 20.03.2011 09:25    C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf --------- 83096 
 20.03.2011 09:24    C:\Windows\Prefetch\_IU14D2N.TMP-10272942.pf --------- 25518 
 20.03.2011 09:24    C:\Windows\Prefetch\UNINS000.EXE-6C0F9AB5.pf --------- 21184 
 20.03.2011 09:22    C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 32964 
 20.03.2011 09:22    C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf --------- 63470 
 20.03.2011 09:21    C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf --------- 172856 
 20.03.2011 09:21    C:\Windows\Prefetch\MICROSOFT OFFICE ACTIVATION A-7B302DAD.pf --------- 94624 
 20.03.2011 09:15    C:\Windows\Prefetch\UNOPKG.EXE-B11D2061.pf --------- 21160 
 20.03.2011 09:15    C:\Windows\Prefetch\UNOPKG.BIN-A4AB393C.pf --------- 138270 
 20.03.2011 09:10    C:\Windows\Prefetch\JAVAW.EXE-91B81925.pf --------- 98844 
 20.03.2011 09:10    C:\Windows\Prefetch\WMIC.EXE-A7D06383.pf --------- 39528 
 20.03.2011 09:10    C:\Windows\Prefetch\JAUREG.EXE-171665BB.pf --------- 15668 
 20.03.2011 09:09    C:\Windows\Prefetch\UNPACK200.EXE-FB3B322C.pf --------- 106894 
 20.03.2011 09:09    C:\Windows\Prefetch\ZIPPER.EXE-45D9BE29.pf --------- 126016 
 20.03.2011 09:08    C:\Windows\Prefetch\JRE-WINDOWS-I586.EXE-C302C496.pf --------- 114776 
 20.03.2011 09:07    C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 188706 
 20.03.2011 09:06    C:\Windows\Prefetch\INSTALL.EXE-05127E73.pf --------- 30958 
 20.03.2011 09:06    C:\Windows\Prefetch\VCREDIST_X86.EXE-BC14C11E.pf --------- 55182 
 20.03.2011 09:06    C:\Windows\Prefetch\SETUP.EXE-42E7FE53.pf --------- 32406 
 20.03.2011 09:06    C:\Windows\Prefetch\OOO_3.3.0_WIN_X86_INSTALL-WJR-D0044C9B.pf --------- 23222 
 20.03.2011 08:53    C:\Windows\Prefetch\RUNDLL32.EXE-4B60BE9B.pf --------- 18474 
 20.03.2011 08:49    C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf --------- 21242 
 20.03.2011 08:32    C:\Windows\Prefetch\7Z920.EXE-81B25188.pf --------- 32378 
 20.03.2011 08:17    C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf --------- 28624 
 20.03.2011 07:58    C:\Windows\Prefetch\AgCx_SC1.db --------- 483738 
 20.03.2011 07:58    C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 20602 
 20.03.2011 07:57    C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf --------- 276542 
 20.03.2011 07:57    C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 17490 
 20.03.2011 03:51    C:\Windows\Prefetch\SYSTEMPROPERTIESADVANCED.EXE-68C7C4F0.pf --------- 28178 
 20.03.2011 03:50    C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf --------- 46412 
 20.03.2011 03:36    C:\Windows\Prefetch\Layout.ini --------- 1773090 
 20.03.2011 02:45    C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf --------- 176284 
 20.03.2011 02:43    C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 26118 
 20.03.2011 02:34    C:\Windows\Prefetch\G2M3E4R.EXE-078410AB.pf --------- 15698 
 20.03.2011 02:33    C:\Windows\Prefetch\LOGMAN.EXE-2BE20E8E.pf --------- 20942 
 20.03.2011 02:31    C:\Windows\Prefetch\ReadyBoot --------- 0 
 20.03.2011 02:31    C:\Windows\Prefetch\SYNTPHELPER.EXE-0A20AAC4.pf --------- 9580 
 20.03.2011 02:31    C:\Windows\Prefetch\GFXUI.EXE-C6B3880F.pf --------- 11688 
 20.03.2011 02:29    C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508 
 20.03.2011 02:28    C:\Windows\Prefetch\NPE.EXE-5B284A2B.pf --------- 40026 
 20.03.2011 02:19    C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 30328 
 20.03.2011 02:13    C:\Windows\Prefetch\POQEXEC.EXE-F7DA341E.pf --------- 13084 
 20.03.2011 02:13    C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 136058 
 20.03.2011 02:12    C:\Windows\Prefetch\SETUP.EXE-AE786AB4.pf --------- 45218 
 20.03.2011 02:12    C:\Windows\Prefetch\DOTNETFX40LP_CLIENT_X86DE.EXE-3FF590B0.pf --------- 110222 
 20.03.2011 02:12    C:\Windows\Prefetch\SETUPUTILITY.EXE-797D8146.pf --------- 26602 
 20.03.2011 02:12    C:\Windows\Prefetch\LODCTR.EXE-72CD50D0.pf --------- 81176 
 20.03.2011 02:11    C:\Windows\Prefetch\MOFCOMP.EXE-8FE3D558.pf --------- 23348 
 20.03.2011 02:11    C:\Windows\Prefetch\REGTLIBV12.EXE-B7C4F383.pf --------- 22338 
 20.03.2011 02:10    C:\Windows\Prefetch\UNLODCTR.EXE-531FACC7.pf --------- 11176 
 20.03.2011 02:09    C:\Windows\Prefetch\SETUP.EXE-96BA11F2.pf --------- 52818 
 20.03.2011 02:09    C:\Windows\Prefetch\DOTNETFX40_CLIENT_X86.EXE-8137EFC7.pf --------- 22320 
 20.03.2011 02:06    C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf --------- 12522 
 20.03.2011 02:06    C:\Windows\Prefetch\RUNDLL32.EXE-7D689F8C.pf --------- 24724 
 20.03.2011 02:06    C:\Windows\Prefetch\RUNDLL32.EXE-A3D153CD.pf --------- 16790 
 20.03.2011 02:05    C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf --------- 120406 
 20.03.2011 02:05    C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf --------- 51334 
 20.03.2011 02:05    C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf --------- 22810 
 20.03.2011 02:05    C:\Windows\Prefetch\BTWDINS.EXE-0B9926A7.pf --------- 16972 
 20.03.2011 02:05    C:\Windows\Prefetch\SVCHOST.EXE-17944F30.pf --------- 52144 
 20.03.2011 02:05    C:\Windows\Prefetch\SVCHOST.EXE-FEDB32D0.pf --------- 29060 
 20.03.2011 02:05    C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf --------- 13140 
 20.03.2011 02:05    C:\Windows\Prefetch\WLANEXT.EXE-D2CEDC57.pf --------- 24268 
 20.03.2011 01:58    C:\Windows\Prefetch\MPSYSCHK.EXE-933ADA9A.pf --------- 4186 
 20.03.2011 01:57    C:\Windows\Prefetch\MRT.EXE-851529F7.pf --------- 91654 
 20.03.2011 01:57    C:\Windows\Prefetch\WINDOWS-KB890830-V3.17.EXE-F5D84129.pf --------- 23150 
 20.03.2011 01:56    C:\Windows\Prefetch\MRTSTUB.EXE-9AC98119.pf --------- 195770 
 19.03.2011 23:00    C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf --------- 21418 
 19.03.2011 20:58    C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf --------- 15918 
 19.03.2011 20:50    C:\Windows\Prefetch\IEUSER.EXE-7C0FE221.pf --------- 17758 
 19.03.2011 19:44    C:\Windows\Prefetch\FLASHUTIL9F.EXE-B262965D.pf --------- 17116 
 19.03.2011 19:44    C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf --------- 158402 
 19.01.2009 14:01    C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 864634 
 19.01.2009 14:01    C:\Windows\Prefetch\AgAppLaunch.db --------- 332116 
----------------------------------------

 
C:\Windows\Tasks

 20.03.2011 02:30    C:\Windows\Tasks\SA.DAT --------- 6 
 20.03.2011 02:29    C:\Windows\Tasks\SCHEDLGU.TXT --------- 15056 
----------------------------------------

 
C:\Windows\Temp

 20.03.2011 09:37    C:\Windows\Temp\History --------- 0 
 20.03.2011 09:37    C:\Windows\Temp\Cookies --------- 0 
 20.03.2011 09:37    C:\Windows\Temp\Temporary Internet Files --------- 0 
----------------------------------------

 
C:\Users\naddel\AppData\Local\Temp

 20.03.2011 10:41    C:\Users\naddel\AppData\Local\Temp\Temp1_hjtscanlist.zip --------- 0 
 20.03.2011 09:25    C:\Users\naddel\AppData\Local\Temp\naddel.bmp --------- 31832 
----------------------------------------

 
C:\Program Files

 20.03.2011 09:12    C:\Program Files\OpenOffice.org 3 --------- 4096 
 20.03.2011 09:10    C:\Program Files\Common Files --------- 4096 
 20.03.2011 09:08    C:\Program Files\Java --------- 0 
 20.03.2011 08:32    C:\Program Files\7-Zip --------- 4096 
 20.03.2011 02:10    C:\Program Files\Microsoft.NET --------- 0 
 20.03.2011 02:02    C:\Program Files\Windows Media Player --------- 4096 
 20.03.2011 02:02    C:\Program Files\Windows Mail --------- 4096 
 20.03.2011 02:02    C:\Program Files\Movie Maker --------- 4096 
 19.03.2011 20:52    C:\Program Files\Internet Explorer --------- 4096 
 19.03.2011 20:36    C:\Program Files\Microsoft Office --------- 4096 
 19.03.2011 20:24    C:\Program Files\Microsoft Small Business --------- 0 
 19.03.2011 19:53    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 19.03.2011 19:48    C:\Program Files\CCleaner --------- 0 
 19.03.2011 19:46    C:\Program Files\Mozilla Firefox --------- 12288 
 19.03.2011 19:19    C:\Program Files\Kaspersky Lab --------- 0 
 19.03.2011 19:07    C:\Program Files\InstallShield Installation Information --------- 0 
 19.01.2009 14:01    C:\Program Files\Windows NT --------- 4096 
 19.01.2009 14:01    C:\Program Files\Gemeinsame Dateien --------- 0 
 02.01.2009 08:11    C:\Program Files\Vimicro Corporation --------- 0 
 02.01.2009 07:53    C:\Program Files\Samsung --------- 4096 
 02.01.2009 07:48    C:\Program Files\Microsoft SQL Server --------- 0 
 02.01.2009 07:38    C:\Program Files\MSSOAP --------- 0 
 02.01.2009 07:24    C:\Program Files\Adobe --------- 0 
 02.01.2009 07:22    C:\Program Files\Synaptics --------- 0 
 02.01.2009 07:21    C:\Program Files\WIDCOMM --------- 0 
 02.01.2009 07:18    C:\Program Files\Cisco --------- 0 
 02.01.2009 07:18    C:\Program Files\Intel --------- 0 
 02.01.2009 07:18    C:\Program Files\Atheros WLAN Client --------- 0 
 02.01.2009 07:17    C:\Program Files\Realtek --------- 0 
 02.01.2009 06:59    C:\Program Files\Windows Calendar --------- 0 
 02.01.2009 06:59    C:\Program Files\Windows Sidebar --------- 4096 
 02.01.2009 06:59    C:\Program Files\Windows Journal --------- 4096 
 02.01.2009 06:59    C:\Program Files\Windows Collaboration --------- 4096 
 02.01.2009 06:59    C:\Program Files\Windows Photo Gallery --------- 4096 
 02.01.2009 06:59    C:\Program Files\Windows Defender --------- 4096 
 21.01.2008 03:43    C:\Program Files\desktop.ini --------- 174 
 02.11.2006 14:01    C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 13:37    C:\Program Files\Microsoft Games --------- 4096 
 02.11.2006 13:37    C:\Program Files\MSBuild --------- 0 
 02.11.2006 13:37    C:\Program Files\Reference Assemblies --------- 0 
----------------------------------------

 
C:\ProgramData\..

naddel   
Public   
Default   
desktop.ini   
Default User   
All Users   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
::1            localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            12 K
System                          4 Services                  0        22.348 K
smss.exe                      516 Services                  0        1.532 K
csrss.exe                      644 Services                  0        11.092 K
wininit.exe                    700 Services                  0        10.864 K
csrss.exe                      708 Console                    1        13.512 K
services.exe                  752 Services                  0        14.400 K
lsass.exe                      764 Services                  0        2.596 K
lsm.exe                        776 Services                  0        10.856 K
winlogon.exe                  836 Console                    1        13.824 K
svchost.exe                    980 Services                  0        18.132 K
svchost.exe                  1048 Services                  0        16.924 K
svchost.exe                  1092 Services                  0        70.604 K
svchost.exe                  1208 Services                  0        29.204 K
svchost.exe                  1256 Services                  0      141.184 K
svchost.exe                  1300 Services                  0        64.472 K
audiodg.exe                  1388 Services                  0        27.012 K
svchost.exe                  1412 Services                  0        13.876 K
SLsvc.exe                    1436 Services                  0        30.896 K
svchost.exe                  1468 Services                  0        43.880 K
svchost.exe                  1644 Services                  0        50.940 K
dwm.exe                      1896 Console                    1        74.004 K
wlanext.exe                  1992 Services                  0        20.912 K
taskeng.exe                    324 Services                  0        34.024 K
spoolsv.exe                    396 Services                  0        38.456 K
svchost.exe                    712 Services                  0        28.404 K
taskeng.exe                  2168 Console                    1        46.496 K
btwdins.exe                  2344 Services                  0        26.280 K
ProtectedObjectsSrv.exe      2484 Services                  0        12.528 K
EvtEng.exe                    2608 Services                  0        50.480 K
sqlservr.exe                  2660 Services                  0        61.236 K
svchost.exe                  2936 Services                  0        15.524 K
RegSrvc.exe                  3120 Services                  0        27.160 K
svchost.exe                  3160 Services                  0        32.308 K
svchost.exe                  3260 Services                  0        5.268 K
SearchIndexer.exe            3304 Services                  0        54.192 K
avp.exe                      2248 Console                    1        5.260 K
avp.exe                      1784 Services                  0        26.076 K
explorer.exe                  4936 Console                    1        71.196 K
firefox.exe                  5320 Console                    1      144.776 K
klwtblfs.exe                  1524 Console                    1        4.140 K
cmd.exe                      4040 Console                    1        2.864 K
conime.exe                    4420 Console                    1        3.296 K
SearchProtocolHost.exe        4140 Services                  0        8.416 K
SearchFilterHost.exe          4076 Services                  0        6.148 K
dllhost.exe                  5916 Console                    1        4.296 K
tasklist.exe                  4916 Console                    1        4.808 K
WmiPrvSE.exe                  3316 Services                  0        6.072 K

 
***** Ende des Scans 20.03.2011 um 10:42:08,74 ***

hello
thank you very much, is this right?

kira 21.03.2011 16:02

Did you, so to speak, reset your system with the recovery function, i.e. restore the PC to its factory state? If so, did that fix your problem?

1.
Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the following code box (start HijackThis → "Do a system scan only" → select the entries by ticking their checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
2.
Your Java version is out of date!
→ Now download the offline version of Java Version 6 Update 24 from Oracle

3.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Adobe Reader:
Pay attention and read along during installation: if any software, toolbar etc. is offered, please deselect it!
Adobe Reader
or: start Adobe -> go to "Help" -> "Check for updates..."

4.
Quote:

**Before deleting temporary files, you should definitely close all applications!
**Delete only the contents of the folders, not the folders themselves!
**The Temp folder is for temporary files, so its contents can be deleted without further ado. - Files that are still in use cannot be deleted.

Close all applications → please empty the folder for temporary files
Delete only the contents of the folders, not the folders themselves! - Files that are still in use cannot be deleted.
Type the following into the search bar under the Windows Start button:
Code:

%temp%
Select the contents and delete them:
- then empty the Recycle Bin

5.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

6.
Post again, after the clean-up you have carried out:
TrendMicro™ HijackThis™ logfile - no open windows while HijackThis is running!!

asterixbx 21.03.2011 17:31

10000 thanks for now
hope everything is done
HijackThis logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:59, on 21.03.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\naddel\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Verwaltungsservice vom CryproStorage-System (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 5677 bytes

--- --- ---
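Added example (not part of the original thread, and not code from HijackThis): a small Python parser for the log format posted above, grouping entries by section code and listing the O4 registry Run values whose command does not point into the Windows or Program Files directories. The sample lines are copied from the log above; the function names and the list of "standard" directories are assumptions made for this example, and a hit means "look at it manually", not a verdict.

```python
import re
from collections import defaultdict
# Subset of the HijackThis log posted above, copied unchanged.
SAMPLE_LOG = r"""
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(\S+?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
STANDARD_DIRS = ("c:\\program files\\", "%programfiles%\\", "c:\\windows\\")  # assumption

def parse_entries(log):
    """Group log entries by section code (R0, O4, O23, ...); skip other lines."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def location(cmd):
    """Classify where an autostart command points, by its leading path."""
    path = cmd.strip().lstrip('"').lower()
    if path.startswith(STANDARD_DIRS):
        return "standard"
    if re.match(r"^([a-z]:\\|%|\\\\)", path):
        return "other"      # absolute path outside the standard directories
    return "no_path"        # bare file name, resolved via the search path

def run_entries(sections):
    """Parse O4 registry Run lines into (hive, value name, command, location)."""
    out = []
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m:               # 'Global Startup' lines use a different layout
            out.append((m.group(1), m.group(3), m.group(4), location(m.group(4))))
    return out

def needs_manual_look(log):
    """(value name, location) of Run values not pointing into STANDARD_DIRS."""
    return [(n, loc) for _h, n, _c, loc in run_entries(parse_entries(log)) if loc != "standard"]
```
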

kira 21.03.2011 21:02

Did you overlook my question?:
Quote:

Quote from Coverflow (post 631491)
Did you, so to speak, reset your system with the recovery function, i.e. restore the PC to its factory state? If so, did that fix your problem?


asterixbx 22.03.2011 06:32

oops, apparently yes :-)
yes, I did, but only drive C
problems: I'm not sure
is a CPU load of 10-30% normal when only Firefox is open?

kira 23.03.2011 06:53

Quote:

Quote from asterixbx (post 631740)
is a CPU load of 10-30% normal when only Firefox is open?

not really... constantly, or only briefly at startup?

Tip:
To get a better overview of running applications and processes and to observe CPU activity, I can also recommend, from my own experience, -> Process Explorer by Mark Russinovich

Operating systems:
Windows Vista/2003 Server/XP/NT/ME/98/95/2000

