
Pests of all kinds and how to fight them: Trouble with Antimalware Doctor!


30.06.2010, 06:09   #1
tina_084
 

Trouble with Antimalware Doctor!



Hello dear Trojaner-Board,

This is my first time on a forum, and unfortunately I am not familiar with these things. I fell victim to Antimalware Doctor and have now run through all the steps: Malwarebytes-Anti-Malware, CCleaner, RSIT (random's system information tool) and the OTL system scan.

On the first Malwarebytes-Anti-Malware run, errors were still found, but I was able to fix them with a second run.
Since I unfortunately don't understand all the technical terms here, I'm simply sending along everything I have collected.

Here are the 2 reports from Malwarebytes-Anti-Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4259

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

30.06.2010 05:23:27
mbam-log-2010-06-30 (05-23-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143493
Laufzeit: 42 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\tina\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qnb2eb90wx (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\tina\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\tina\AppData\Local\Temp\emrcowxsan.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\xcwraenmso.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\Jgz.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\Jg2.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Here is the second one:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4259

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

30.06.2010 05:56:25
mbam-log-2010-06-30 (05-56-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143169
Laufzeit: 16 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Then I also have these things:


info.txt

RSIT Logfile:
Code:
logfile of random's system information tool 1.06 2010-06-30 06:16:31

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7 
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002}
AIM-->C:\Program Files\AIM6\uninst.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x7 
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avidemux 2.5-->C:\Program Files\Avidemux 2.5\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Browser Defender 2.0.6.15-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x7 
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
DeskScapes (Free)-->"C:\Program Files\Stardock\Object Desktop\DeskScapes\UninstHelper.exe" /autouninstall dksw
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7 
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A} 
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Free Studio version 4.6-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Free Video to JPG Converter version 1.4-->"C:\Program Files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe"
Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Gimp 2.6.2 Debug-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Hervorhebe-Funktion (Windows Live Toolbar)-->MsiExec.exe /X{00D0200F-3B4D-4A2F-869E-533ED835A943}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Eyetoy Webcam-->C:\Windows\CleanDev.exe C:\Windows\ov519.TXT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Photo Collage 2.06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D42CBBC-2089-44AB-8021-369DDB962816}\Setup.exe" 
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Roll-->C:\Windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb
Shape Collage-->C:\Program Files\Shape Collage\uninstall.exe
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins001.exe /LOG
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x7 
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} 
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031 
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031 
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veoh Player-->C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Video Download Capture V2.2.9-->"C:\Program Files\Apowersoft\Video Download Capture\unins000.exe"
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Family Safety-->MsiExec.exe /X{994223F3-A99B-4DDD-9E1D-0190A17C6860}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)-->MsiExec.exe /X{218761F6-CBF6-4973-B910-A33E6563A1EA}
Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Windows-Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: tina-PC
Event Code: 43034
Message: Unknown EDID version
Record Number: 341635
Source Name: atikmdag
Time Written: 20100513163231.593264-000
Event Type: Fehler
User: 

Computer Name: tina-PC
Event Code: 43034
Message: Unknown EDID version
Record Number: 341636
Source Name: atikmdag
Time Written: 20100513163231.593264-000
Event Type: Fehler
User: 

Computer Name: tina-PC
Event Code: 43034
Message: Unknown EDID version
Record Number: 341637
Source Name: atikmdag
Time Written: 20100513163231.608864-000
Event Type: Fehler
User: 

Computer Name: tina-PC
Event Code: 7036
Message: Dienst "\Device\NDMP5" befindet sich jetzt im Status "Intel(R) Wireless WiFi Link 4965AGN".
Record Number: 341638
Source Name: NETw4v32
Time Written: 20100513163232.139268-000
Event Type: Informationen
User: 

Computer Name: tina-PC
Event Code: 6
Message: Der Dateisystemfilter "eeCtrl" (6.0, 2007-03-29T01:51:40.000Z) wurde erfolgreich geladen und im Filter-Manager registriert.
Record Number: 341639
Source Name: Microsoft-Windows-FilterManager
Time Written: 20100513163236.975299-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: tina-PC
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 17224
Source Name: Microsoft-Windows-WMI
Time Written: 20100630033122.000000-000
Event Type: Informationen
User: 

Computer Name: tina-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 17225
Source Name: SecurityCenter
Time Written: 20100630033143.000000-000
Event Type: Informationen
User: 

Computer Name: tina-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 17226
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100630033209.515410-000
Event Type: Informationen
User: tina-PC\tina

Computer Name: tina-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 17227
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100630033210.959410-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: tina-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Users\tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALT03BFT\070700Setup[1].exe verdächtigen Code mit der Bezeichnung 'TR/FakeAV.WZ'!
Record Number: 17228
Source Name: Avira AntiVir
Time Written: 20100630035950.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys	
Record Number: 30132
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.016410-000
Event Type: Überwachung gescheitert
User: 

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys	
Record Number: 30133
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.113410-000
Event Type: Überwachung gescheitert
User: 

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys	
Record Number: 30134
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.203410-000
Event Type: Überwachung gescheitert
User: 

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys	
Record Number: 30135
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.292410-000
Event Type: Überwachung gescheitert
User: 

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys	
Record Number: 30136
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.381410-000
Event Type: Überwachung gescheitert
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
         
--- --- ---

RSIT Logfile:
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by tina at 2010-06-30 06:15:43
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 23 GB (30%) free of 76 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:16:24, on 30.06.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Users\tina\AppData\Local\Temp\Jg0.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\tina\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Users\tina\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\tina.exe
C:\Users\tina\AppData\Local\Temp\Jg0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15423 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000UA.job
C:\Windows\tasks\Norton Security Scan for tina.job
C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-05-07 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-08 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-12 607888]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-09-26 352256]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2010-05-07 666816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"IS CfgWiz"=C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe [2007-01-12 431752]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-04-02 577536]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-05-23 509496]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]
"NDSTray.exe"=NDSTray.exe []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-11-18 1243088]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Nikon Transfer Monitor"=C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-09-30 485208]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"TOSCDSPD"=TOSCDSPD.EXE []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-10-16 4347120]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]
""= []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"Google Update"=C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll [2009-02-25 103728]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2009-02-25 87368]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2009-02-25 591176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f32a383-126d-11df-9d59-001b38aaa491}]
shell\AutoRun\command - D:\pccompanion\Startme.exe
shell\menu1\command - D:\pccompanion\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b4b2d7-f260-11de-9020-001b38aaa491}]
shell\AutoRun\command - D:\Menu.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-30 06:15:44 ----D---- C:\Program Files\trend micro
2010-06-30 06:15:43 ----D---- C:\rsit
2010-06-30 05:27:40 ----D---- C:\Program Files\CCleaner
2010-06-30 04:31:57 ----D---- C:\Users\tina\AppData\Roaming\Malwarebytes
2010-06-30 04:31:26 ----D---- C:\ProgramData\Malwarebytes
2010-06-30 04:31:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-30 03:44:57 ----D---- C:\Users\tina\AppData\Roaming\77457351CEDACC397BF3AB444E9CE7AA
2010-06-26 12:04:56 ----D---- C:\Program Files\Microsoft.NET
2010-06-25 12:00:46 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-25 12:00:46 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-25 12:00:46 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-25 12:00:46 ----A---- C:\Windows\system32\mscoree.dll
2010-06-25 12:00:46 ----A---- C:\Windows\system32\dfshim.dll
2010-06-25 05:02:52 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-25 05:02:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-13 18:47:37 ----D---- C:\Program Files\Common Files\Skype
2010-06-13 18:42:36 ----D---- C:\Users\tina\AppData\Roaming\Uniblue
2010-06-13 18:26:05 ----D---- C:\Program Files\Uniblue
2010-06-13 18:21:34 ----D---- C:\Users\tina\AppData\Roaming\GrabPro
2010-06-13 18:21:34 ----D---- C:\downloads
2010-06-13 18:21:22 ----D---- C:\Users\tina\AppData\Roaming\OpenCandy
2010-06-13 18:21:17 ----D---- C:\Users\tina\AppData\Roaming\Orbit
2010-06-13 18:21:17 ----D---- C:\Program Files\Orbitdownloader
2010-06-13 15:35:37 ----D---- C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-11 19:18:57 ----SHD---- C:\found.000
2010-06-11 12:09:14 ----SHD---- C:\Config.Msi
2010-06-10 23:05:55 ----A---- C:\Windows\system32\mshtml.dll
2010-06-10 23:05:49 ----A---- C:\Windows\system32\ieframe.dll
2010-06-10 23:05:48 ----A---- C:\Windows\system32\iertutil.dll
2010-06-10 23:05:45 ----A---- C:\Windows\system32\urlmon.dll
2010-06-10 23:05:43 ----A---- C:\Windows\system32\wininet.dll
2010-06-10 23:05:41 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-10 23:05:39 ----A---- C:\Windows\system32\occache.dll
2010-06-10 23:05:38 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-10 23:05:37 ----A---- C:\Windows\system32\mstime.dll
2010-06-10 23:05:29 ----A---- C:\Windows\system32\ieui.dll
2010-06-10 23:05:27 ----A---- C:\Windows\system32\iepeers.dll
2010-06-10 23:05:23 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-10 23:05:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-10 23:05:19 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-10 23:05:16 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-10 23:05:14 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-10 23:05:12 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-10 23:05:11 ----A---- C:\Windows\system32\iesetup.dll
2010-06-10 23:05:10 ----A---- C:\Windows\system32\iernonce.dll
2010-06-10 14:33:16 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-10 14:28:48 ----A---- C:\Windows\system32\atmfd.dll
2010-06-10 14:28:45 ----A---- C:\Windows\system32\atmlib.dll
2010-06-10 14:23:21 ----A---- C:\Windows\system32\quartz.dll

======List of files/folders modified in the last 1 months======

2010-06-30 06:16:19 ----D---- C:\Program Files\Spyware Doctor
2010-06-30 06:16:17 ----D---- C:\Windows\Temp
2010-06-30 06:16:14 ----D---- C:\Windows\system32\Tasks
2010-06-30 06:16:13 ----D---- C:\Windows\Tasks
2010-06-30 06:15:44 ----RD---- C:\Program Files
2010-06-30 06:04:02 ----D---- C:\Windows\Debug
2010-06-30 06:04:02 ----D---- C:\Windows
2010-06-30 05:49:32 ----AD---- C:\ProgramData\TEMP
2010-06-30 05:30:30 ----SHD---- C:\Windows\Installer
2010-06-30 05:30:30 ----D---- C:\Windows\system32\drivers
2010-06-30 04:31:26 ----HD---- C:\ProgramData
2010-06-29 23:20:20 ----D---- C:\Windows\System32
2010-06-29 23:20:20 ----D---- C:\Windows\inf
2010-06-29 23:20:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-29 22:37:44 ----D---- C:\Windows\Prefetch
2010-06-29 12:13:46 ----SHD---- C:\System Volume Information
2010-06-29 11:46:20 ----D---- C:\Windows\system32\catroot
2010-06-29 02:11:52 ----D---- C:\Windows\system32\catroot2
2010-06-28 01:20:34 ----D---- C:\Program Files\Mozilla Firefox
2010-06-26 12:23:17 ----D---- C:\Windows\Microsoft.NET
2010-06-26 12:23:16 ----RSD---- C:\Windows\assembly
2010-06-26 12:14:02 ----D---- C:\Windows\system32\de-DE
2010-06-26 12:05:20 ----D---- C:\Windows\system32\en-US
2010-06-25 12:20:09 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-25 12:18:32 ----D---- C:\Windows\AppPatch
2010-06-25 12:02:31 ----D---- C:\Windows\winsxs
2010-06-25 04:44:17 ----SD---- C:\ProgramData\Microsoft
2010-06-14 02:06:41 ----D---- C:\Users\tina\AppData\Roaming\dvdcss
2010-06-14 00:14:11 ----D---- C:\Users\tina\AppData\Roaming\gtk-2.0
2010-06-13 23:42:17 ----D---- C:\Users\tina\AppData\Roaming\Skype
2010-06-13 18:47:37 ----D---- C:\Program Files\Common Files
2010-06-13 18:43:38 ----D---- C:\Users\tina\AppData\Roaming\skypePM
2010-06-13 15:42:17 ----D---- C:\Users\tina\AppData\Roaming\DivX
2010-06-13 15:35:27 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-06-11 19:13:18 ----D---- C:\Windows\system32\wbem
2010-06-11 19:13:15 ----D---- C:\Program Files\Windows Mail
2010-06-11 19:13:15 ----D---- C:\Program Files\Internet Explorer
2010-06-11 19:13:14 ----D---- C:\Windows\system32\migration
2010-06-11 12:03:25 ----HD---- C:\Windows\msdownld.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-28 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-28 75096]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-06-19 389432]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 2600960]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-28 52056]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-19 106808]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-12 1787816]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070619.036\NAVENG.SYS [2007-06-19 77688]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070619.036\NAVEX15.SYS [2007-06-19 852824]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-26 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-04-16 115000]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 ovt519;%USB\vid_054c&pid_0154.DeviceDesc%; C:\Windows\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 RimUsb;BlackBerry-Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-21 606208]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-10 554616]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-08-28 604488]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-01 1043784]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-16 1174664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-14 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-10 2918008]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-05 435016]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
         
--- --- ---



Is everything OK now, and have I done everything correctly so far?
I am very anxious about this sort of thing, so please help me!
Is my laptop fine again now, or should I expect further problems?
Please take a look at the values. I also have the OTL values, but unfortunately the text is too long.

Many thanks in advance

30.06.2010, 06:43   #2
tina_084
 



Here are the OTL logs as well



OTL Logfile:
Code:
OTL logfile created on: 30.06.2010 06:29:16 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\tina\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 22,06 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,36 Gb Total Space | 73,27 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TINA-PC
Current User Name: tina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\tina\AppData\Local\Temp\Jg0.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\tina\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\tina\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070619.036\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070619.036\NAVENG.SYS (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://googel.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.08 09:10:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 01:20:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 01:20:33 | 000,000,000 | ---D | M]
 
[2008.11.03 20:34:30 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Extensions
[2010.06.29 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions
[2009.09.13 16:55:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.13 15:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.13 16:50:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.13 18:56:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.04.02 23:24:21 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\moveplayer@movenetworks.com
[2008.11.03 20:34:57 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\toolbar_extras@de.yahoo.com
[2009.01.05 23:50:09 | 000,000,681 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\FireFox\Profiles\mxthdeqh.default\searchplugins\ask.xml
[2010.06.25 04:44:52 | 000,000,944 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\FireFox\Profiles\mxthdeqh.default\searchplugins\icqplugin.xml
[2009.02.15 14:14:12 | 000,001,632 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\FireFox\Profiles\mxthdeqh.default\searchplugins\live-search.xml
[2010.06.13 18:48:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.02.15 01:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.13 18:48:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008.11.03 20:34:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.03.18 00:31:06 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.18 00:31:06 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.18 00:31:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.18 00:31:06 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.18 00:31:06 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD]  File not found
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f32a383-126d-11df-9d59-001b38aaa491}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{0f32a383-126d-11df-9d59-001b38aaa491}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{e5b4b2d7-f260-11de-9020-001b38aaa491}\Shell\AutoRun\command - "" = D:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.30 06:15:44 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.06.30 06:15:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.30 05:27:40 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.30 04:31:57 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Malwarebytes
[2010.06.30 04:31:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.30 04:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.30 04:31:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.30 04:31:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.30 03:44:57 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\77457351CEDACC397BF3AB444E9CE7AA
[2010.06.26 12:04:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.26 00:10:28 | 000,000,000 | ---D | C] -- C:\Users\tina\Desktop\Filmcher
[2010.06.25 12:00:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 12:00:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 12:00:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.25 05:02:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.25 05:02:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.13 18:47:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.06.13 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Uniblue
[2010.06.13 18:26:05 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.13 18:21:34 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\GrabPro
[2010.06.13 18:21:34 | 000,000,000 | ---D | C] -- C:\downloads
[2010.06.13 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\OpenCandy
[2010.06.13 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\OpenCandy
[2010.06.13 18:21:17 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.06.13 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Orbit
[2010.06.13 15:35:37 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.11 19:18:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.06.11 12:09:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.10 23:05:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 23:05:38 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 23:05:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 23:05:34 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 23:05:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 23:05:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 23:05:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 23:05:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 23:05:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 23:05:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 23:05:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 23:05:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 23:05:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 23:05:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 23:05:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 14:33:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 14:28:48 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 14:28:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 14:23:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.10 14:20:09 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.30 06:35:36 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.06.30 06:35:32 | 004,194,304 | ---- | M] () -- C:\Users\tina\NTUSER.DAT
[2010.06.30 06:21:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000UA.job
[2010.06.30 06:03:33 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.06.30 05:31:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 05:31:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 05:30:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.30 05:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.30 05:29:13 | 000,524,288 | -HS- | M] () -- C:\Users\tina\NTUSER.DAT{cc25eced-0eaa-11de-803e-001b38aaa491}.TMContainer00000000000000000001.regtrans-ms
[2010.06.30 05:29:13 | 000,065,536 | -HS- | M] () -- C:\Users\tina\NTUSER.DAT{cc25eced-0eaa-11de-803e-001b38aaa491}.TM.blf
[2010.06.30 05:29:09 | 002,950,029 | -H-- | M] () -- C:\Users\tina\AppData\Local\IconCache.db
[2010.06.30 05:27:42 | 000,000,809 | ---- | M] () -- C:\Users\tina\Desktop\CCleaner.lnk
[2010.06.30 05:21:02 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000Core.job
[2010.06.30 04:31:35 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 23:22:31 | 000,002,042 | ---- | M] () -- C:\Users\tina\Desktop\Google Chrome.lnk
[2010.06.29 23:21:47 | 000,037,888 | ---- | M] () -- C:\Users\tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 23:21:07 | 000,163,808 | ---- | M] () -- C:\Users\tina\Desktop\IMG00344-20100629-1345.jpg
[2010.06.29 23:20:20 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.29 23:20:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.29 23:20:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.29 23:20:20 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.29 23:20:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.28 22:28:46 | 000,000,556 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for tina.job
[2010.06.25 04:30:03 | 000,001,356 | ---- | M] () -- C:\Users\tina\AppData\Local\d3d9caps.dat
[2010.06.14 00:15:32 | 000,003,361 | ---- | M] () -- C:\Users\tina\.recently-used.xbel
[2010.06.13 18:26:09 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.06.13 18:21:32 | 000,000,853 | ---- | M] () -- C:\Users\tina\Desktop\Orbit.lnk
[2010.06.13 15:35:27 | 000,001,037 | ---- | M] () -- C:\Users\tina\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.11 19:26:13 | 000,253,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.30 05:27:42 | 000,000,809 | ---- | C] () -- C:\Users\tina\Desktop\CCleaner.lnk
[2010.06.30 04:31:35 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.30 03:45:46 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.06.29 23:20:31 | 000,163,808 | ---- | C] () -- C:\Users\tina\Desktop\IMG00344-20100629-1345.jpg
[2010.06.14 00:15:32 | 000,003,361 | ---- | C] () -- C:\Users\tina\.recently-used.xbel
[2010.06.13 19:30:37 | 735,070,208 | ---- | C] () -- C:\Users\tina\Documents\s0incx482h8pj.avi
[2010.06.13 18:26:09 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.06.13 18:21:32 | 000,000,853 | ---- | C] () -- C:\Users\tina\Desktop\Orbit.lnk
[2010.02.05 19:50:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.02.05 19:50:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.02.05 17:13:21 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.11.05 00:22:16 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.11.05 00:22:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.07.12 10:54:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.07.12 10:45:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.07.12 10:45:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.07.12 10:45:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.07.12 10:45:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 08:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 07:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.16 07:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.16 07:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.16 07:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.04.16 07:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
         
--- --- ---




OTL Logfile:
Code:
OTL Extras logfile created on: 30.06.2010 06:29:16 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\tina\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 22,06 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,36 Gb Total Space | 73,27 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TINA-PC
Current User Name: tina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0703E83B-A382-4FD5-BEF4-0279D6CB353D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2BC7FA48-69DF-4B7E-9566-28FDF6592B44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E15C971-5E7B-4AB7-8A80-8EBD358E22F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58CE0D29-40E5-42EE-9302-2032A441F246}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{61C5CF5C-49C4-4701-A913-3DB1FAC23E53}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E48653B-1F8F-4FA2-A3C1-06794492983A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{77DD2917-2E79-4B16-8EC9-7B30AEC81A62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{94D12056-B782-4965-9967-8CC082EFD767}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BCADCD43-B683-49B7-AC93-4340178E205B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F4063DD6-A794-447E-BE24-81D9A9216DB1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C68674-E096-4D4F-BD18-EA6BD8975FBD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{19AB907F-9A75-4619-B4F3-C7B5D4EEB7B4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{2D2B6491-6C0A-4712-AB07-1FAAE667E7B2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{43535977-42B4-4947-BDCB-ED75DC572746}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{6A7FC144-E9A6-4B90-88A5-8CEE0630C15A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{998189EE-9759-49CE-87C9-1A8643B26848}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B37C479E-704A-4C98-A0D4-571D6A2B8D0A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{DD54AC42-97C5-433B-8F26-9A54F2EAFEC3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E9A7B6D4-CB0C-4A30-A0D1-87A69BE8D82C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"TCP Query User{46FEA9F7-8385-4C5D-864D-F3A4CEB57AD5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B07EF5B5-585C-497A-9EE7-AFE65024583A}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{B60BB155-8A60-42DA-B6C8-49B51DEA3C26}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd | 
"TCP Query User{BBF07853-C291-4F64-8078-48B2F91FA7F8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F1165E53-1BC1-42CE-A1B0-AB6CC80BEBDE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{FAE63C13-4D90-4E76-A0A9-F6F97986AAFC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{0BB68CFC-11E2-40D8-9FE5-07E7699766B4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1B84D2E3-4218-41E4-BE5F-E3B2201BA3F4}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd | 
"UDP Query User{51C44DB3-ED57-4D12-A4D1-1E22F1E9AB67}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{64AAEE2C-52F1-4950-BA2D-88EC51B0E3FD}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{A7DD4D36-6967-4CC7-B03F-A61C770A9BD4}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{ED2DF50D-1C3F-48AA-A43A-D7D77E5734A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00004EE8-1E8B-BB10-6588-07DF0D120F6B}" = CCC Help Korean
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02E107FC-1861-FC4A-E80F-07DA9DC5808C}" = Catalyst Control Center Graphics Previews Vista
"{03C55715-3545-2DF8-8C64-2BB877955150}" = Catalyst Control Center Localization Chinese Traditional
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0755396F-D048-8CDD-6AC3-C7C83A6869B5}" = CCC Help Czech
"{08B7B1F9-A8EB-7632-FFC3-04AB5328143B}" = CCC Help Chinese Standard
"{09F52B2B-8B36-130C-5EBD-6E5FFC5FA0B7}" = CCC Help English
"{0E1C53DA-DF86-845A-7BEB-14C4A8E0B150}" = Catalyst Control Center Localization Korean
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15B924BC-AEB2-7E31-F414-1FC7B385846A}" = CCC Help Greek
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20CFE038-F4CE-0716-DCA0-04BBD67FE5EA}" = CCC Help Turkish
"{2126F5BB-AB90-083F-7AA8-A29D73819DAA}" = CCC Help French
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{26E6EA50-532C-8CF3-5EB4-8C8D306EAB58}" = Catalyst Control Center Localization Polish
"{27CD3616-D3B0-834C-89A3-4FC5CEE7374D}" = Catalyst Control Center Graphics Full Existing
"{28912B61-0265-3C33-7EC7-14345AC76E3D}" = CCC Help Hungarian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D06C1FE-8454-5663-D0E9-1C130FD96446}" = Catalyst Control Center Localization Norwegian
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{30F9E15A-EE25-6D32-62CE-2E6BEAED3766}" = CCC Help Italian
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{342A19C7-3335-C02F-F1DD-3A0B49C3D047}" = Catalyst Control Center Localization Greek
"{34EF4F67-A3CE-DAB6-FA06-7C4C59A0D462}" = Catalyst Control Center Localization Swedish
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.2.9
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CE22BE4-E2D3-F0E8-1C52-1B5A5F97B876}" = Catalyst Control Center Localization Turkish
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{400F4990-B111-109A-6B08-E80CB42651AA}" = Catalyst Control Center Localization Danish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44479884-EB6D-38DA-1D3E-835625E40F7E}" = Catalyst Control Center Graphics Previews Common
"{480CA9F1-17E2-0B15-9684-511C0A083F92}" = Catalyst Control Center Localization Thai
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F31172C-2692-BB28-8F5B-86474CEC5D33}" = Catalyst Control Center Localization Chinese Standard
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54AAFB71-6DCB-32EB-8F91-DA7643497ED4}" = Catalyst Control Center Localization Spanish
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5D1CB0EC-0CA2-B4FD-2A10-2503A3CF7E46}" = Catalyst Control Center Localization Italian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFE618D-0100-6DE7-9894-5FD057103871}" = Catalyst Control Center Core Implementation
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63D10FBD-5667-DAD9-0B31-CED873B3F7EF}" = Catalyst Control Center Graphics Light
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7936153F-8D09-BC11-6DC4-1D4DEAB9D680}" = CCC Help Thai
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{816B8A02-76F0-AE47-E28F-0AD114CC261E}" = CCC Help Polish
"{82AB4F83-BBBA-8F04-EE34-11F74E39A4B6}" = Catalyst Control Center Localization German
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{86158699-F584-0DC9-119D-C5A6591090FB}" = CCC Help Chinese Traditional
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D42CBBC-2089-44AB-8021-369DDB962816}" = Photo Collage 2.06
"{920E3F1A-0B73-807D-EE0E-E6D89D4E5DDE}" = Catalyst Control Center Localization Dutch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{985AF15E-776F-3CDD-EB92-2DAFF02697FB}" = Skins
"{98CE747E-4948-10B0-BBF0-5981A11114D1}" = Catalyst Control Center Localization Hungarian
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99F54171-AE4A-579B-1544-5870478FC8F7}" = Catalyst Control Center Graphics Full New
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BAD23B-748C-50FD-CCA9-956C3F54D138}" = CCC Help German
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{ABD82299-8034-4B44-4FDB-3F8971C20575}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{ACE07E37-A416-9A6B-D352-C776FFA49493}" = CCC Help Spanish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2AEC44B-F926-773D-D028-77CADEF8D9D3}" = CCC Help Norwegian
"{B537ACDB-7C56-83B6-034C-A5AF6400F789}" = CCC Help Swedish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8AB4511-EECC-9299-45B3-F25F4774F6F2}" = CCC Help Russian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD75C1A0-F0ED-B54A-B49C-3244B47BA803}" = ccc-utility
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6317675-96CC-D2AE-40F2-698F3DED64B4}" = CCC Help Portuguese
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7FAEA9E-A14C-D8C9-EEE9-8D43F9E09565}" = Catalyst Control Center Localization Czech
"{CC35C434-FFC8-BDD8-44F0-ED0972484C56}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D646CA8B-5227-1598-5E9C-132B2D89A38D}" = Catalyst Control Center Localization Japanese
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D8E302CB-8517-3E9B-C6C9-E90A21C6EFC5}" = CCC Help Danish
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BB634D-B374-A329-EE5D-22C279F92A7F}" = ccc-core-static
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C1426C-6670-4068-6398-EB490D45979F}" = Catalyst Control Center Localization Portuguese
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8B5B814-A3BF-F83F-09ED-AED9EE88211A}" = Catalyst Control Center Localization French
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F927176F-F8F0-FACF-A57E-4F95714B6F00}" = Catalyst Control Center Localization Russian
"{FA7BB878-FC13-7548-13D3-18A53381014D}" = CCC Help Japanese
"{FB56EE4D-7CBC-6FDC-E336-52BD269E4CF6}" = Catalyst Control Center Localization Finnish
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"DeskScapes (Free)" = DeskScapes (Free)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Studio_is1" = Free Studio version 4.6
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}" = Veoh Player
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mp3tag" = Mp3tag v2.43
"NSS" = Norton Security Scan
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"RealPlayer 6.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"ShapeCollage" = Shape Collage
"Spyware Doctor" = Spyware Doctor 7.0
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2010 15:09:52 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1418  Anfangszeit: 01caa695b139c505  Zeitpunkt
 der Beendigung: 41
 
Error - 05.02.2010 15:16:24 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 10b8  Anfangszeit: 01caa696cb6d6c05  Zeitpunkt
 der Beendigung: 63
 
Error - 05.02.2010 15:38:47 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1054  Anfangszeit: 01caa697b51abdd5  Zeitpunkt
 der Beendigung: 56
 
Error - 05.02.2010 15:47:06 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 13dc  Anfangszeit: 01caa69ad5f75745  Zeitpunkt
 der Beendigung: 67
 
Error - 06.02.2010 09:49:48 | Computer Name = tina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\tina\Downloads\iTunes80164Setup.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.02.2010 15:11:20 | Computer Name = tina-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 06.02.2010 15:11:21 | Computer Name = tina-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 13.02.2010 19:48:06 | Computer Name = tina-PC | Source = Google Update | ID = 20
Description = 
 
Error - 13.02.2010 20:48:06 | Computer Name = tina-PC | Source = Google Update | ID = 20
Description = 
 
Error - 15.02.2010 00:48:14 | Computer Name = tina-PC | Source = Google Update | ID = 20
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Unfortunately, 1-2 popups still open after the restart.
Is that a bad sign?


30.06.2010, 07:37   #3
kira
/// Helper team

Hello and a warm welcome!

- Please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to specific criteria:

1.
- Two antivirus programs installed and active at the same time: AntiVir PersonalEdition Classic & Symantec/Norton
Both scanners have only one goal: to check and protect your system against malware in a sensible way. As a result they get in each other's way and put a double load on the system; the consequence can be a crash or, in the worst case, you can look forward to a complete reinstallation! More AV programs does not mean more security!
So uninstall one of the AV programs and leave only one running on your PC!!
- To uninstall Norton Antivirus (if you decide on Avira), go to the Symantec website and look for the special removal tools, which should (also) remove the last remnants: ► download the Norton Removal Tool (for all products from 2003 to 2008) from here
or here: ► Norton Removal Tool for all products from 2003 to 2010 / wintotal.de

2.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work you can undo this again!

3.
→ Download HJTscanlist.zip
→ Unpack the file to your desktop
→ On Windows XP Home you additionally have to install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system - Vista
→ When you are asked, choose the option "Einstellung (1) - scanlist"
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents here into your thread.

4.
I would also like to see all of your installed programs:
Download the tool CCleaner
Install it (deselect "Füge CCleaner Yahoo! Toolbar hinzu") → start it → if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..."
A text file (*.txt) is created; copy its contents and paste them here

5.
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect Wi-Fi too
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is copied to the clipboard automatically) and paste it here right away with CTRL + V
    - GMER is closed with "Ok".
    - paste the complete log from the clipboard here into your thread

** no connection to a network or the Internet - don't forget Wi-Fi
When the scan is finished, please re-enable all programs and tools!

6.
Download and install the tool RootRepeal
  • put a tick at: "Drivers" -> "Scan" -> "Save Report"...
  • "Stealth Objects" -> "Scan" -> "Save Report"...
  • "Hidden Services" -> "Scan" -> "Save Report"...
  • save the log file as "RootRepeal.txt" on the desktop and copy the contents here into the thread

7.
→ Visit the virustotal site and please have the file(s) from the code box checked - also copy along the file size and name, MD5 and SHA1:
Tips for searching for files
Code:
C:\Users\tina\AppData\Local\Temp\Jg0.exe

→ Click "Durchsuchen"
→ Find the file on your computer → double-click the file to be checked (or copy the contents from the code box)
→ "Senden der Datei" and wait until the scan run of all virus scanners has finished
paste the result here exactly as you receive it (DO NOT OMIT ANYTHING!) (including <checked file name> + file size and name, MD5 and SHA1)

** Example - the Virustotal log file to be posted should look like the one here. So don't leave anything out; paste it here as you receive it!:
Code:
Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.0.0.73	2009.01.28	-
AhnLab-V3	5.0.0.2	2009.01.28	-
AntiVir	7.9.0.60	2009.01.28	-
Authentium	5.1.0.4	2009.01.27	-

...over 40 virus scanners...so be patient!!

To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log you write: [code]
your log file goes here
→ after it: [/code]


** If possible, don't go on the Internet, no online banking, file sharing, chat programs etc.

regards
Coverflow

30.06.2010, 07:53   #4
tina_084

ok, I will do my best and get to work right away. If I have questions I'll get back to you, since I really have no idea about such things. Thanks a lot in advance anyway

30.06.2010, 12:15   #5
tina_084

hello, I'm stuck at step 5. My laptop freezes there and it doesn't finish the process. Can I already continue with steps 6 and 7, or can I also try step 5 in safe mode?


30.06.2010, 15:51   #6
kira
/// Helper team

no, don't try with GMER; instead continue with point 6.

30.06.2010, 16:57   #7
tina_084

oh dear, I hope this is all correct like this. I really did my best


Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6001]
 
 
C:

  30.06.2010 09:18     C:\downloads --------- 4096   
       C:\pagefile.sys ---------    
  30.06.2010 08:55     C:\Program Files --------- 24576   
  30.06.2010 07:16     C:\Windows --------- 32768   
  30.06.2010 06:16     C:\rsit --------- 0   
  30.06.2010 04:37     C:\rkill.log --------- 622   
  30.06.2010 04:31     C:\ProgramData --------- 12288   
  29.06.2010 12:13     C:\System Volume Information --------- 24576   
  26.06.2010 12:15     C:\Config.Msi --------- 0   
  11.06.2010 19:18     C:\found.000 --------- 0   
  21.06.2009 01:16     C:\$Recycle.Bin --------- 4096   
  21.06.2009 01:15     C:\Users --------- 4096   
  12.03.2009 15:55     C:\Boot --------- 4096   
  16.02.2009 14:48     C:\PerfLogs --------- 0   
  16.11.2008 17:45     C:\DVDVideoSoft --------- 0   
  04.11.2008 01:43     C:\IPH.PH --------- 854   
  14.10.2008 18:27     C:\Toshiba --------- 4096   
  14.10.2008 16:35     C:\Programme --------- 0   
  14.10.2008 16:35     C:\Dokumente und Einstellungen --------- 0   
  19.01.2008 09:45     C:\bootmgr --------- 333203   
  13.07.2007 00:41     C:\SWSTAMP.TXT --------- 388   
  24.04.2007 06:48     C:\_wdsuef.dmp --------- 22948   
  16.04.2007 07:19     C:\RHDSetup.log --------- 420   
  16.04.2007 07:05     C:\Intel --------- 0   
  13.04.2007 12:12     C:\BOOTSECT.BAK --------- 8192   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  18.09.2006 23:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  30.06.2010 09:03     C:\Windows\WindowsUpdate.log --------- 1277870   
  30.06.2010 08:58     C:\Windows\ntbtlog.txt --------- 31050   
  30.06.2010 08:55     C:\Windows\bootstat.dat --------- 67584   
  30.06.2010 08:55     C:\Windows\PFRO.log --------- 30100   
  22.01.2010 01:21     C:\Windows\RegISSImport.xml --------- 879   
  22.01.2010 01:21     C:\Windows\SGDetectionTool.dll --------- 149456   
  22.01.2010 01:21     C:\Windows\RegSDImport.xml --------- 882   
  22.01.2010 01:21     C:\Windows\PCTBDRes.dll --------- 165840   
  22.01.2010 01:21     C:\Windows\PCTBDCore.dll --------- 1652688   
  22.01.2010 01:21     C:\Windows\BDTSupport.dll --------- 767952   
  10.11.2009 11:28     C:\Windows\PCTBDCore.dll.old --------- 1640400   
  10.11.2009 11:26     C:\Windows\BDTSupport.dll.old --------- 767952   
  28.10.2009 02:36     C:\Windows\UDB.zip --------- 1152444   
  28.08.2009 10:28     C:\Windows\system.ini --------- 219   
  10.07.2009 13:10     C:\Windows\WLXPGSS.SCR --------- 307568   
  16.02.2009 15:02     C:\Windows\WindowsShell.Manifest --------- 749   
  26.11.2008 13:08     C:\Windows\IDB.zip --------- 131   
  29.10.2008 08:29     C:\Windows\explorer.exe --------- 2927104   
  19.01.2008 09:33     C:\Windows\regedit.exe --------- 134656   
  19.01.2008 09:33     C:\Windows\notepad.exe --------- 151040   
  19.01.2008 09:33     C:\Windows\HelpPane.exe --------- 498176   
  19.01.2008 09:33     C:\Windows\fveupdate.exe --------- 13312   
  19.01.2008 09:33     C:\Windows\bfsvc.exe --------- 58880   
  13.07.2007 00:41     C:\Windows\csup.txt --------- 11   
  12.07.2007 21:33     C:\Windows\DIFxAPI.dll --------- 319456   
  13.06.2007 07:11     C:\Windows\RtHDVCpl.exe --------- 4489216   
  28.05.2007 14:39     C:\Windows\SkyTel.exe --------- 1826816   
  03.05.2007 07:52     C:\Windows\atiogl.xml --------- 11557   
  16.04.2007 08:36     C:\Windows\mgxoschk.ini --------- 6642   
  16.04.2007 08:02     C:\Windows\NDSTray.INI --------- 0   
  16.04.2007 07:17     C:\Windows\HideWin.exe --------- 315392   
  05.03.2007 10:23     C:\Windows\RTKVADDA.EXE --------- 269096   
  16.01.2007 04:39     C:\Windows\RtlUpd.exe --------- 1191936   
  12.01.2007 10:54     C:\Windows\RtlExUpd.dll --------- 520192   
  09.01.2007 15:22     C:\Windows\agrsmdel.exe --------- 50752   
  03.11.2006 14:30     C:\Windows\oemlogo.bmp --------- 43254   
  02.11.2006 15:04     C:\Windows\win.ini --------- 144   
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
  30.06.2005 20:37     C:\Windows\OV519.txt --------- 371   
  15.10.2003 18:52     C:\Windows\sel3110.exe --------- 200704   
  15.10.2003 18:52     C:\Windows\vidcap32.exe --------- 307200   
  15.10.2003 18:52     C:\Windows\ov519dib.dll --------- 61440   
  15.10.2003 18:52     C:\Windows\ov519cap.exe --------- 135168   
  15.10.2003 18:52     C:\Windows\CleanDev.exe --------- 40960   
  15.10.2003 18:52     C:\Windows\amcap.exe --------- 32528   
  29.03.1999 11:08     C:\Windows\UniFish3.exe --------- 45568   
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
 28.07.1995 14:00      C:\Windows\System\DVA.386 --------- 9785 
 21.09.1994 00:00      C:\Windows\System\Wing32.dll --------- 12800 
 21.09.1994 00:00      C:\Windows\System\WingPal.wnd --------- 5024 
 21.09.1994 00:00      C:\Windows\System\WingDib.drv --------- 6736 
 21.09.1994 00:00      C:\Windows\System\Wing.dll --------- 92208 
 24.08.1994 00:00      C:\Windows\System\WingDe.dll --------- 188960 
----------------------------------------

 
C:\Windows\System32

 30.06.2010 09:19     C:\Windows\system32\Tasks --------- 4096  
 30.06.2010 09:04     C:\Windows\system32\drivers --------- 61440  
 30.06.2010 08:56     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 30.06.2010 08:56     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 29.06.2010 23:20     C:\Windows\system32\perfh009.dat --------- 595996  
 29.06.2010 23:20     C:\Windows\system32\perfc009.dat --------- 104070  
 29.06.2010 23:20     C:\Windows\system32\perfh007.dat --------- 628742  
 29.06.2010 23:20     C:\Windows\system32\perfc007.dat --------- 126260  
 29.06.2010 23:20     C:\Windows\system32\PerfStringBackup.INI --------- 1445116  
 29.06.2010 11:46     C:\Windows\system32\catroot --------- 4096  
 29.06.2010 02:11     C:\Windows\system32\catroot2 --------- 8192  
 26.06.2010 12:14     C:\Windows\system32\de-DE --------- 262144  
 26.06.2010 12:05     C:\Windows\system32\en-US --------- 8192  
 11.06.2010 19:26     C:\Windows\system32\FNTCACHE.DAT --------- 253496  
 11.06.2010 19:13     C:\Windows\system32\wbem --------- 61440  
 11.06.2010 19:13     C:\Windows\system32\migration --------- 0  
 28.05.2010 21:37     C:\Windows\system32\mrt.exe --------- 32472008  
 26.05.2010 18:16     C:\Windows\system32\atmlib.dll --------- 34304  
 26.05.2010 16:25     C:\Windows\system32\atmfd.dll --------- 289792  
 21.05.2010 14:14     C:\Windows\system32\MpSigStub.exe --------- 221568  
 04.05.2010 07:59     C:\Windows\system32\wininet.dll --------- 916480  
 04.05.2010 07:59     C:\Windows\system32\urlmon.dll --------- 1209344  
 04.05.2010 07:58     C:\Windows\system32\occache.dll --------- 206848  
 04.05.2010 07:56     C:\Windows\system32\mstime.dll --------- 611840  
 04.05.2010 07:56     C:\Windows\system32\mshtml.dll --------- 5950976  
 04.05.2010 07:56     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 04.05.2010 07:56     C:\Windows\system32\msfeeds.dll --------- 599040  
 04.05.2010 07:55     C:\Windows\system32\jsproxy.dll --------- 25600  
 04.05.2010 07:55     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 04.05.2010 07:55     C:\Windows\system32\ieui.dll --------- 164352  
 04.05.2010 07:55     C:\Windows\system32\iesysprep.dll --------- 109056  
 04.05.2010 07:55     C:\Windows\system32\iesetup.dll --------- 71680  
 04.05.2010 07:55     C:\Windows\system32\iertutil.dll --------- 1985536  
 04.05.2010 07:55     C:\Windows\system32\iernonce.dll --------- 55808  
 04.05.2010 07:55     C:\Windows\system32\iepeers.dll --------- 184320  
 04.05.2010 07:55     C:\Windows\system32\ieframe.dll --------- 11076096  
 04.05.2010 07:55     C:\Windows\system32\iedkcs32.dll --------- 387584  
 04.05.2010 06:31     C:\Windows\system32\ieUnatt.exe --------- 133632  
 04.05.2010 06:30     C:\Windows\system32\ie4uinit.exe --------- 173056  
 04.05.2010 06:30     C:\Windows\system32\msfeedssync.exe --------- 13312  
 04.05.2010 06:30     C:\Windows\system32\mshtml.tlb --------- 1638912  
 01.05.2010 15:53     C:\Windows\system32\win32k.sys --------- 2036224  
 27.04.2010 00:04     C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592  
 23.04.2010 15:55     C:\Windows\system32\tzres.dll --------- 2048  
 16.04.2010 18:10     C:\Windows\system32\quartz.dll --------- 1314816  
 16.04.2010 18:05     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 16.04.2010 16:17     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 05.04.2010 18:07     C:\Windows\system32\asycfilt.dll --------- 67072  
 02.04.2010 19:34     C:\Windows\system32\declrds.ax --------- 45568  
 18.03.2010 13:16     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424  
 08.03.2010 19:59     C:\Windows\system32\dpl100.dll --------- 94208  
 05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352  
 28.02.2010 14:27     C:\Windows\system32\EventProviders --------- 0  
 21.02.2010 01:39     C:\Windows\system32\nshhttp.dll --------- 24064  
 21.02.2010 01:37     C:\Windows\system32\httpapi.dll --------- 31232  
 19.02.2010 21:27     C:\Windows\system32\DivX.dll --------- 720384  
 19.02.2010 21:27     C:\Windows\system32\divx_xx11.dll --------- 839680  
 19.02.2010 21:27     C:\Windows\system32\divx_xx0c.dll --------- 856064  
 19.02.2010 21:27     C:\Windows\system32\divx_xx0a.dll --------- 847872  
 19.02.2010 21:27     C:\Windows\system32\divx_xx07.dll --------- 856064  
 19.02.2010 21:27     C:\Windows\system32\divx_xx16.dll --------- 843776  
 18.02.2010 16:49     C:\Windows\system32\ntoskrnl.exe --------- 3545992  
 18.02.2010 16:49     C:\Windows\system32\ntkrnlpa.exe --------- 3598216  
 18.02.2010 16:11     C:\Windows\system32\iphlpsvc.dll --------- 190464  
 12.02.2010 12:48     C:\Windows\system32\browserchoice.exe --------- 293376  
 01.02.2010 14:03     C:\Windows\system32\TURegOpt.exe --------- 30536  
 01.02.2010 13:57     C:\Windows\system32\authuitu.dll --------- 21320  
 01.02.2010 13:57     C:\Windows\system32\uxtuneup.dll --------- 30024  
 29.01.2010 18:21     C:\Windows\system32\inetcomm.dll --------- 738304  
 25.01.2010 14:48     C:\Windows\system32\secproc_ssp_isv.dll --------- 151040  
 25.01.2010 14:48     C:\Windows\system32\secproc_ssp.dll --------- 151040  
 25.01.2010 14:48     C:\Windows\system32\secproc_isv.dll --------- 472576  
 25.01.2010 14:48     C:\Windows\system32\secproc.dll --------- 472064  
 25.01.2010 14:45     C:\Windows\system32\msdrm.dll --------- 329216  
 25.01.2010 10:35     C:\Windows\system32\RMActivate_ssp_isv.exe --------- 346624  
 25.01.2010 10:35     C:\Windows\system32\RMActivate_isv.exe --------- 523776  
 25.01.2010 10:34     C:\Windows\system32\RMActivate_ssp.exe --------- 347136  
 25.01.2010 10:34     C:\Windows\system32\RMActivate.exe --------- 511488  
 21.01.2010 17:59     C:\Windows\system32\l3codeca.acm --------- 62464  
 15.01.2010 02:04     C:\Windows\system32\cabview.dll --------- 98304  
 02.01.2010 05:22     C:\Windows\system32\ieuinit.inf --------- 57667  
 28.12.2009 14:35     C:\Windows\system32\tsbyuv.dll --------- 11776  
 28.12.2009 14:32     C:\Windows\system32\msyuv.dll --------- 22528  
 28.12.2009 14:32     C:\Windows\system32\msvidc32.dll --------- 31744  
 28.12.2009 14:32     C:\Windows\system32\msvfw32.dll --------- 123904  
 28.12.2009 14:32     C:\Windows\system32\msrle32.dll --------- 13312  
 28.12.2009 14:31     C:\Windows\system32\mciavi32.dll --------- 82944  
 28.12.2009 14:31     C:\Windows\system32\iyuv_32.dll --------- 50176  
 28.12.2009 14:28     C:\Windows\system32\avifil32.dll --------- 91136  
 28.12.2009 14:28     C:\Windows\system32\avicap32.dll --------- 65024  
 23.12.2009 14:43     C:\Windows\system32\wintrust.dll --------- 171520  
 15.12.2009 23:41     C:\Windows\system32\WDI --------- 4096  
 04.12.2009 09:19     C:\Windows\system32\jscript.dll --------- 726528  
 08.11.2009 10:55     C:\Windows\system32\netfxperf.dll --------- 49472  
 08.11.2009 10:55     C:\Windows\system32\mscoree.dll --------- 297808  
 08.11.2009 10:55     C:\Windows\system32\PresentationHost.exe --------- 295264  
 08.11.2009 10:55     C:\Windows\system32\PresentationHostProxy.dll --------- 99176  
 08.11.2009 10:55     C:\Windows\system32\dfshim.dll --------- 1130824  
 23.10.2009 19:42     C:\Windows\system32\timedate.cpl --------- 714240  
 19.10.2009 16:27     C:\Windows\system32\t2embed.dll --------- 156672  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 30.06.2010 09:19     C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job --------- 282  
 30.06.2010 09:02     C:\Windows\Tasks\1-Klick-Wartung.job --------- 522  
 30.06.2010 08:56     C:\Windows\Tasks\SA.DAT --------- 6  
 30.06.2010 08:54     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32542  
 30.06.2010 07:21     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000UA.job --------- 1114  
 30.06.2010 05:21     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000Core.job --------- 1062  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\tina\AppData\Local\Temp

 30.06.2010 09:18     C:\Users\tina\AppData\Local\Temp\Rar$DI00.723 --------- 0  
 30.06.2010 09:18     C:\Users\tina\AppData\Local\Temp\etilqs_dHFdO0S0pEgCJH7U4ZpV --------- 0  
 30.06.2010 09:05     C:\Users\tina\AppData\Local\Temp\Low --------- 4096  
 30.06.2010 09:04     C:\Users\tina\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS.exe --------- 634952  
 30.06.2010 09:00     C:\Users\tina\AppData\Local\Temp\IpAdrSet.log --------- 12011  
 30.06.2010 08:59     C:\Users\tina\AppData\Local\Temp\div1248.tmp --------- 0  
 30.06.2010 08:59     C:\Users\tina\AppData\Local\Temp\~DF8025.tmp --------- 16384  
 30.06.2010 08:58     C:\Users\tina\AppData\Local\Temp\WPDNSE --------- 0  
 30.06.2010 08:53     C:\Users\tina\AppData\Local\Temp\SymNRT 6-30-2010 8h48m54s.log --------- 20500904  
 30.06.2010 07:51     C:\Users\tina\AppData\Local\Temp\Cache --------- 0  
 30.06.2010 07:28     C:\Users\tina\AppData\Local\Temp\MessengerCache --------- 0  
 30.06.2010 07:19     C:\Users\tina\AppData\Local\Temp\symlcsv1.exe --------- 31864  
 30.06.2010 07:19     C:\Users\tina\AppData\Local\Temp\~DF67A9.tmp --------- 16384  
 30.06.2010 07:19     C:\Users\tina\AppData\Local\Temp\divDCC7.tmp --------- 0  
 30.06.2010 05:33     C:\Users\tina\AppData\Local\Temp\divD58.tmp --------- 0  
 30.06.2010 05:33     C:\Users\tina\AppData\Local\Temp\~DFA8D2.tmp --------- 16384  
 30.06.2010 05:27     C:\Users\tina\AppData\Local\Temp\nss4C74.tmp --------- 0  
 30.06.2010 04:37     C:\Users\tina\AppData\Local\Temp\AFB5.tmp --------- 0  
 30.06.2010 04:30     C:\Users\tina\AppData\Local\Temp\is-LG2SF.tmp --------- 0  
 30.06.2010 04:29     C:\Users\tina\AppData\Local\Temp\is-EM4IK.tmp --------- 0  
 30.06.2010 04:29     C:\Users\tina\AppData\Local\Temp\is-VDD51.tmp --------- 0  
 30.06.2010 04:28     C:\Users\tina\AppData\Local\Temp\EB10.tmp --------- 0  
 30.06.2010 04:28     C:\Users\tina\AppData\Local\Temp\4B96.tmp --------- 0  
 30.06.2010 03:53     C:\Users\tina\AppData\Local\Temp\mod2798.tmp --------- 7050  
 30.06.2010 03:53     C:\Users\tina\AppData\Local\Temp\mod6315.tmp --------- 0  
 30.06.2010 03:52     C:\Users\tina\AppData\Local\Temp\mod953B.tmp --------- 139817  
 30.06.2010 03:52     C:\Users\tina\AppData\Local\Temp\mod9402.tmp --------- 947  
 30.06.2010 03:51     C:\Users\tina\AppData\Local\Temp\mod2545.tmp --------- 5  
 30.06.2010 03:46     C:\Users\tina\AppData\Local\Temp\Jg1.exe --------- 172032  
 30.06.2010 03:45     C:\Users\tina\AppData\Local\Temp\Jg0.exe --------- 170496  
 30.06.2010 03:42     C:\Users\tina\AppData\Local\Temp\au-descriptor-1.6.0_20-b74.xml --------- 8841  
 30.06.2010 03:39     C:\Users\tina\AppData\Local\Temp\~DFEEBD.tmp --------- 147456  
 30.06.2010 03:36     C:\Users\tina\AppData\Local\Temp\jar_cache3560.tmp --------- 1174  
 30.06.2010 03:36     C:\Users\tina\AppData\Local\Temp\jar_cache3559.tmp --------- 8434  
 29.06.2010 23:22     C:\Users\tina\AppData\Local\Temp\CR_403B.tmp --------- 0  
 29.06.2010 23:22     C:\Users\tina\AppData\Local\Temp\chrome_installer.log --------- 591  
 29.06.2010 22:38     C:\Users\tina\AppData\Local\Temp\~DFA079.tmp --------- 16384  
 29.06.2010 22:38     C:\Users\tina\AppData\Local\Temp\divCEB.tmp --------- 0  
 29.06.2010 18:48     C:\Users\tina\AppData\Local\Temp\~DF7EC7.tmp --------- 147456  
 16.11.2009 17:36     C:\Users\tina\AppData\Local\Temp\IcqUpdater.exe --------- 89848  
----------------------------------------

 
C:\Program Files

 30.06.2010 09:19     C:\Program Files\Spyware Doctor --------- 49152  
 30.06.2010 09:04     C:\Program Files\NortonInstaller --------- 0  
 30.06.2010 09:04     C:\Program Files\Norton Security Scan --------- 0  
 30.06.2010 06:16     C:\Program Files\trend micro --------- 0  
 30.06.2010 05:27     C:\Program Files\CCleaner --------- 0  
 30.06.2010 04:31     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 28.06.2010 01:20     C:\Program Files\Mozilla Firefox --------- 32768  
 26.06.2010 12:04     C:\Program Files\Microsoft.NET --------- 0  
 25.06.2010 12:20     C:\Program Files\Microsoft Silverlight --------- 4096  
 13.06.2010 18:47     C:\Program Files\Common Files --------- 8192  
 13.06.2010 18:26     C:\Program Files\Uniblue --------- 0  
 13.06.2010 18:21     C:\Program Files\Orbitdownloader --------- 4096  
 11.06.2010 19:13     C:\Program Files\Windows Mail --------- 4096  
 11.06.2010 19:13     C:\Program Files\Internet Explorer --------- 4096  
 23.05.2010 15:43     C:\Program Files\DivX --------- 8192  
 05.05.2010 17:53     C:\Program Files\AIM6 --------- 8192  
 20.03.2010 19:09     C:\Program Files\PhotoScape --------- 4096  
 13.03.2010 13:19     C:\Program Files\Movie Maker --------- 4096  
 28.02.2010 12:24     C:\Program Files\TuneUp Utilities 2009 --------- 49152  
 28.02.2010 12:02     C:\Program Files\TuneUp Utilities 2010 --------- 49152  
 05.02.2010 17:13     C:\Program Files\CDBurnerXP --------- 16384  
 02.02.2010 17:16     C:\Program Files\Hasbro Interactive --------- 0  
 01.01.2010 23:59     C:\Program Files\ICQ6.5 --------- 16384  
 10.12.2009 18:23     C:\Program Files\Nikon --------- 0  
 10.12.2009 18:03     C:\Program Files\ArcSoft --------- 0  
 10.12.2009 18:03     C:\Program Files\InstallShield Installation Information --------- 8192  
 18.11.2009 21:18     C:\Program Files\DVDVideoSoft --------- 4096  
 11.11.2009 13:42     C:\Program Files\Skype --------- 0  
 06.11.2009 10:37     C:\Program Files\Windows Sidebar --------- 4096  
 03.11.2009 13:14     C:\Program Files\Shape Collage --------- 0  
 02.11.2009 19:06     C:\Program Files\iFoxSoft --------- 0  
 28.10.2009 04:19     C:\Program Files\Windows Media Player --------- 4096  
 15.09.2009 23:16     C:\Program Files\Windows Live --------- 4096  
 15.09.2009 23:15     C:\Program Files\Microsoft Sync Framework --------- 0  
 15.09.2009 23:11     C:\Program Files\Microsoft --------- 0  
 15.09.2009 23:10     C:\Program Files\Windows Live SkyDrive --------- 0  
 06.09.2009 20:18     C:\Program Files\Apowersoft --------- 0  
 28.08.2009 10:01     C:\Program Files\Java --------- 4096  
 12.08.2009 00:02     C:\Program Files\Avidemux 2.5 --------- 12288  
 18.07.2009 21:49     C:\Program Files\Yahoo --------- 0  
 20.06.2009 20:43     C:\Program Files\Mp3tag --------- 4096  
 26.04.2009 21:59     C:\Program Files\QuickTime --------- 4096  
 30.03.2009 18:24     C:\Program Files\MAGIX --------- 4096  
 30.03.2009 18:21     C:\Program Files\Google --------- 0  
 30.03.2009 16:35     C:\Program Files\Graboid --------- 0  
 15.03.2009 14:51     C:\Program Files\Stardock --------- 0  
 12.03.2009 18:20     C:\Program Files\VideoLAN --------- 0  
 20.02.2009 16:38     C:\Program Files\Avira --------- 0  
 16.02.2009 23:30     C:\Program Files\Microsoft Office --------- 0  
 16.02.2009 19:35     C:\Program Files\WinRAR --------- 4096  
 16.02.2009 15:02     C:\Program Files\desktop.ini --------- 174  
 16.02.2009 14:52     C:\Program Files\Windows Calendar --------- 0  
 16.02.2009 14:52     C:\Program Files\Windows Collaboration --------- 4096  
 16.02.2009 14:52     C:\Program Files\Windows Journal --------- 4096  
 16.02.2009 14:52     C:\Program Files\Windows Photo Gallery --------- 4096  
 16.02.2009 14:52     C:\Program Files\Windows Defender --------- 4096  
 15.02.2009 14:09     C:\Program Files\Windows Live Toolbar --------- 0  
 15.02.2009 13:39     C:\Program Files\ICQ6Toolbar --------- 0  
 15.02.2009 00:27     C:\Program Files\ICQ6 --------- 0  
 14.02.2009 20:54     C:\Program Files\MSECache --------- 0  
 25.01.2009 23:26     C:\Program Files\Real --------- 0  
 17.11.2008 15:18     C:\Program Files\Audacity --------- 4096  
 04.11.2008 01:42     C:\Program Files\Viewpoint --------- 0  
 03.11.2008 23:19     C:\Program Files\Gimp-2.0 --------- 0  
 03.11.2008 23:08     C:\Program Files\Paint.NET --------- 12288  
 03.11.2008 23:04     C:\Program Files\Veoh Networks --------- 0  
 03.11.2008 21:26     C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0  
 03.11.2008 21:11     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 14.10.2008 16:39     C:\Program Files\Intel --------- 0  
 14.10.2008 16:35     C:\Program Files\Windows NT --------- 4096  
 14.10.2008 16:35     C:\Program Files\Gemeinsame Dateien --------- 0  
 14.10.2008 16:31     C:\Program Files\TOSHIBA --------- 4096  
 14.10.2008 16:30     C:\Program Files\Synaptics --------- 0  
 14.10.2008 16:04     C:\Program Files\ATI Technologies --------- 0  
 14.10.2008 16:02     C:\Program Files\ATI --------- 0  
 12.07.2007 21:39     C:\Program Files\Realtek --------- 0  
 12.07.2007 21:02     C:\Program Files\MSXML 4.0 --------- 0  
 12.07.2007 10:45     C:\Program Files\InterVideo --------- 0  
 12.07.2007 10:41     C:\Program Files\Ulead Systems --------- 0  
 16.04.2007 08:34     C:\Program Files\IDM --------- 0  
 16.04.2007 08:30     C:\Program Files\Adobe --------- 0  
 16.04.2007 08:11     C:\Program Files\Windows Media-Komponenten --------- 0  
 16.04.2007 07:35     C:\Program Files\My Company Name --------- 0  
 16.04.2007 07:26     C:\Program Files\ltmoh --------- 0  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Microsoft Games --------- 4096  
 02.11.2006 14:37     C:\Program Files\MSBuild --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

tina    
Gast    
desktop.ini    
Public    
Default    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         1.012 K
smss.exe                       512 Services                   0           564 K
csrss.exe                      580 Services                   0         5.392 K
wininit.exe                    620 Services                   0         3.708 K
csrss.exe                      632 Console                    1        10.960 K
services.exe                   664 Services                   0         6.600 K
lsass.exe                      680 Services                   0         7.532 K
lsm.exe                        688 Services                   0         4.188 K
winlogon.exe                   724 Console                    1         6.352 K
svchost.exe                    884 Services                   0         6.436 K
PresentationFontCache.exe      928 Services                   0         7.136 K
svchost.exe                    976 Services                   0         6.000 K
svchost.exe                   1012 Services                   0        28.368 K
Ati2evxx.exe                  1092 Services                   0         4.068 K
svchost.exe                   1120 Services                   0        11.032 K
svchost.exe                   1156 Services                   0        74.500 K
svchost.exe                   1192 Services                   0        49.352 K
audiodg.exe                   1284 Services                   0        11.464 K
svchost.exe                   1308 Services                   0         4.792 K
SLsvc.exe                     1332 Services                   0         3.616 K
svchost.exe                   1388 Services                   0        10.152 K
Ati2evxx.exe                  1476 Console                    1         5.664 K
svchost.exe                   1624 Services                   0        13.020 K
spoolsv.exe                   1832 Services                   0        10.508 K
sched.exe                     1860 Services                   0         1.032 K
svchost.exe                   1872 Services                   0        11.008 K
agrsmsvc.exe                  2024 Services                   0         2.344 K
avguard.exe                    200 Services                   0        17.624 K
BDTUpdateService.exe           332 Services                   0         2.248 K
CFSvcs.exe                     396 Services                   0         2.892 K
NMSAccessU.exe                 616 Services                   0         2.776 K
pctsAuxs.exe                  1692 Services                   0         1.192 K
pctsSvc.exe                   2060 Services                   0        24.808 K
SeaPort.exe                   2116 Services                   0         7.908 K
svchost.exe                   2168 Services                   0         5.260 K
TODDSrv.exe                   2236 Services                   0         3.336 K
TosCoSrv.exe                  2272 Services                   0         4.136 K
TUProgSt.exe                  2344 Services                   0         4.044 K
TuneUpUtilitiesService32.     2364 Services                   0         8.300 K
ULCDRSvr.exe                  2392 Services                   0         2.312 K
svchost.exe                   2424 Services                   0         2.904 K
taskeng.exe                   2556 Services                   0         5.508 K
pctsTray.exe                  3996 Console                    1         1.264 K
taskeng.exe                   4044 Console                    1        12.108 K
TuneUpUtilitiesApp32.exe      4084 Console                    1         7.576 K
dwm.exe                       1724 Console                    1        45.948 K
explorer.exe                  2340 Console                    1        76.804 K
Jg0.exe                       1776 Console                    1        40.272 K
MSASCui.exe                   3460 Console                    1        10.068 K
KeNotify.exe                  2968 Console                    1         5.640 K
RtHDVCpl.exe                  4032 Console                    1         5.492 K
TPwrMain.exe                  2764 Console                    1         4.284 K
SmoothView.exe                1732 Console                    1         3.284 K
TCrdMain.exe                  3068 Console                    1        37.112 K
NDSTray.exe                   2596 Console                    1         5.432 K
SynTPEnh.exe                  2164 Console                    1         8.564 K
SynToshiba.exe                1404 Console                    1         4.872 K
avgnt.exe                     2896 Console                    1         2.960 K
NkMonitor.exe                 1000 Console                    1         4.584 K
MOM.exe                       3504 Console                    1         4.212 K
DivXUpdate.exe                2056 Console                    1         9.576 K
sidebar.exe                   3772 Console                    1        17.284 K
TOSCDSPD.exe                  3360 Console                    1         3.160 K
VeohClient.exe                3928 Console                    1        14.208 K
ehtray.exe                    3924 Console                    1         1.536 K
ehmsas.exe                    3352 Console                    1         4.688 K
CFSwMgr.exe                   4468 Console                    1         6.272 K
GoogleCrashHandler.exe        4668 Console                    1         1.108 K
CCC.exe                       4816 Console                    1        13.756 K
sidebar.exe                   4952 Console                    1        50.584 K
Ymsgr_tray.exe                5536 Console                    1         8.232 K
chrome.exe                    4340 Console                    1        51.104 K
chrome.exe                    5416 Console                    1        37.336 K
wuauclt.exe                   5092 Console                    1         6.208 K
orbitdm.exe                   4420 Console                    1         1.060 K
orbitnet.exe                  2436 Console                    1         1.280 K
WinRAR.exe                    5768 Console                    1        15.616 K
cmd.exe                       4892 Console                    1         6.904 K
conime.exe                     312 Console                    1         4.368 K
Jg0.exe                       3828 Console                    1         6.624 K
dllhost.exe                   5324 Console                    1         4.928 K
tasklist.exe                  4752 Console                    1         5.392 K
WmiPrvSE.exe                  5636 Services                   0         6.660 K

 
***** Ende des Scans 30.06.2010 um  9:20:00,01 ***

Code:
 Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	03.11.2008		10.0.12.36
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	28.08.2009		10.0.32.18
Adobe Reader 7.0.9 - Deutsch	Adobe Systems Incorporated	15.04.2007	78,2MB	7.0.9
AIM		03.11.2008		
ArcSoft Panorama Maker 4	ArcSoft	09.12.2009	14,7MB	
ATI Catalyst Install Manager	ATI Technologies, Inc.	02.11.2008	13,8MB	3.0.641.0
Audacity 1.2.6		16.11.2008	8,43MB	
Avidemux 2.5		11.08.2009	32,5MB	2.5.0.4944
Avira AntiVir Personal - Free Antivirus	Avira GmbH	19.02.2009	63,2MB	
Bluetooth Stack for Windows by Toshiba		15.04.2007	54,7MB	v5.10.06(T)
Browser Defender 2.0.6.15	Threat Expert Ltd.	04.02.2010	3,57MB	2.0.6.15
Catalyst Control Center - Branding	ATI	13.10.2008	0,41MB	1.00.0000
CCleaner	Piriform	29.06.2010	2,85MB	2.33
CD/DVD Drive Acoustic Silencer	TOSHIBA	13.10.2008	0,45MB	2.00.02
CDBurnerXP	CDBurnerXP	04.02.2010	15,8MB	4.2.7.1893
DeskScapes (Free)	Stardock Corporation	12.03.2009	10,3MB	
DivX Converter	DivX, Inc.	22.05.2010	37,1MB	7.0.0
DivX Plus DirectShow Filters	DivX, Inc.	22.05.2010	1,22MB	
DivX-Setup	DivX, Inc. 	22.05.2010	2,12MB	1.0.1.5
DVD MovieFactory for TOSHIBA	Ulead Systems, Inc.	13.10.2008	251,6MB	5.3
Emdedded IR Driver	Compal Electronics, Inc.	11.07.2007	0,89MB	0.0.0.6C
File Uploader	Nikon	09.12.2009	1,54MB	1.1.1
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)	MAGIX AG	15.04.2007	6,65MB	2.0.0.1
Free Studio version 4.6	DVDVideoSoft Limited.	12.06.2010	65,4MB	
Free Video to iPod Converter version 3.1	DVDVideoSoft Limited.	26.05.2009	2,29MB	
Free Video to JPG Converter version 1.4	DVD Video Soft Limited.	04.01.2009	2,33MB	
Free YouTube Download 2.2	DVDVideoSoft Limited.	26.05.2009	2,34MB	
Gimp 2.6.2 Debug		02.11.2008	83,3MB	
Google Chrome	Google Inc.	25.02.2010	84,2MB	5.0.375.86
ICQ6.5	ICQ	14.02.2009	44,5MB	6.5
Java(TM) 6 Update 15	Sun Microsystems, Inc.	05.07.2009	94,9MB	6.0.150
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	15.04.2007	114,6MB	1.6.0.0
Logitech Eyetoy Webcam		09.03.2010		
Malwarebytes' Anti-Malware	Malwarebytes Corporation	29.06.2010	3,90MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	09.08.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	08.08.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	25.06.2010	24,5MB	4.0.30319
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	24.06.2010	179,1MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	24.06.2010	29,0MB	4.0.50524.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	02.11.2008	1,74MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	14.09.2009	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	14.09.2009	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	29.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	02.11.2008	0,41MB	8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	06.02.2010	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	04.02.2010	0,58MB	9.0.30729
Move Networks Media Player for Internet Explorer		01.04.2009	1,09MB	
Mozilla Firefox (3.6.6)	Mozilla	27.06.2010	32,3MB	3.6.6 (de)
Mp3tag v2.43	Florian Heidenreich	19.06.2009	5,50MB	v2.43
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	11.07.2007	1,25MB	4.20.9841.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	02.11.2008	1,28MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	03.11.2008	1,28MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	1,29MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
Nikon Message Center	Nikon	09.12.2009	0,20MB	0.92.000
Nikon Transfer	Nikon	09.12.2009	46,7MB	1.3.0
Orbit Downloader	www.orbitdownloader.com	12.06.2010	8,76MB	
Paint.NET v3.36	dotPDN LLC	02.11.2008	3,97MB	3.36.0
Photo Collage 2.06		01.11.2009	29,5MB	
PhotoScape		19.03.2010	25,9MB	
Picture Control Utility	Nikon	09.12.2009	18,8MB	1.1.3
QuickTime	Apple Inc.	25.04.2009	74,4MB	7.60.92.0
RealPlayer	RealNetworks	07.04.2009	46,0MB	
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista	Realtek	11.07.2007	0,66MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	11.07.2007	14,8MB	6.0.1.5433
Roll		01.02.2010	44,1MB	
Shape Collage	Vincent Cheung	02.11.2009	0,57MB	
Skype Toolbars	Skype Technologies S.A.	12.06.2010	5,25MB	1.0.4051
Skype™ 4.2	Skype Technologies S.A.	12.06.2010	31,1MB	4.2.169
Spyware Doctor 7.0	PC Tools	04.02.2010	94,9MB	7.0
Synaptics Pointing Device Driver	Synaptics	13.10.2008	13,4MB	10.0.1.0
Texas Instruments PCIxx21/x515/xx12 drivers.	Ihr Firmenname	15.04.2007	0,94MB	2.00.0001
TOSHIBA Assist		13.10.2008	1,21MB	2.01.02
TOSHIBA ConfigFree	TOSHIBA	11.07.2007	39,6MB	7.00.29
TOSHIBA Disc Creator	TOSHIBA Corporation	11.07.2007	9,68MB	2.0.0.8
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	15.04.2007	1,28MB	1.01.00
TOSHIBA Flash Cards Support Utility	TOSHIBA	15.04.2007		1.48.0.3C
TOSHIBA Hardware Setup	TOSHIBA	11.07.2007		1.48.0.11C
Toshiba Online Product Information	TOSHIBA	15.04.2007	4,78MB	1.00.0009
TOSHIBA SD Memory Utilities	TOSHIBA	15.04.2007	1,61MB	1.8.1.1
TOSHIBA Software Modem	Agere Systems	15.04.2007		2.1.77 (SM2177ALD03)
TOSHIBA Supervisorkennwort	TOSHIBA	15.04.2007		1.48.0.8C
TOSHIBA Value Added Package	TOSHIBA Corporation	11.07.2007	48,00KB	1.0.24
TuneUp Utilities	TuneUp Software	04.02.2010	61,1MB	9.0.3100.16
TuneUp Utilities 2009	TuneUp Software	27.08.2009	47,0MB	8.0.3300.1
Uniblue RegistryBooster 2010	Uniblue Systems Ltd	12.06.2010	16,4MB	
Uninstall 1.0.0.1		12.06.2010	17,3MB	
Veoh Player	Veoh Networks, Inc.	02.11.2008	6,47MB	3.2.0
VeohTV BETA	Veoh Networks, Inc.	08.11.2008	13,6MB	3.9.8
Video Download Capture V2.2.9	Apowersoft	05.09.2009	45,6MB	2.2.9
ViewNX	Nikon	09.12.2009	29,6MB	1.2.0
Viewpoint Media Player		03.11.2008	7,30MB	
VLC media player 0.9.9	VideoLAN Team	09.06.2009	63,6MB	0.9.9
Windows Live Anmelde-Assistent	Microsoft Corporation	14.09.2009	1,93MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	14.09.2009	158,4MB	14.0.8089.0726
Windows Live Sync	Microsoft Corporation	14.09.2009	2,79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	14.09.2009	0,22MB	14.0.8014.1029
Windows Media Encoder 9-Reihe		15.04.2007	13,7MB	
WinRAR		15.02.2009	3,73MB	
Yahoo! Messenger	Yahoo! Inc.	02.11.2008	26,9MB
         




Code:
 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/06/30 17:33
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8D83C000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80692000	Size: 286720	File Visible: -	Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x83A14000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8FA38000	Size: 294912	File Visible: -	Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\Windows\system32\DRIVERS\AGRSM.sys
Address: 0x8DA9C000	Size: 1161888	File Visible: -	Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x807E6000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x805D2000	Size: 122880	File Visible: -	Signed: -
Status: -

Name: atikmdag.sys
Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x8CE0B000	Size: 7176192	File Visible: -	Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
Address: 0x8FB5D000	Size: 6144	File Visible: -	Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
Address: 0x9CA71000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x8FB4C000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x8075E000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8DBBF000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8047C000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x8259D000	Size: 102400	File Visible: -	Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x99B00000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9CB7A000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8D910000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804C5000	Size: 917504	File Visible: -	Signed: -
Status: -

Name: circlass.sys
Image Path: C:\Windows\system32\DRIVERS\circlass.sys
Address: 0x80FEB000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x895A3000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80484000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8D8B0000	Size: 14208	File Visible: -	Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x8075B000	Size: 10496	File Visible: -	Signed: -
Status: -

Name: CplIR.SYS
Image Path: C:\Windows\system32\DRIVERS\CplIR.SYS
Address: 0x895CD000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8FB5F000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x895C4000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8FB35000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x89592000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8DA77000	Size: 151552	File Visible: -	Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FB6C000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8FB77000	Size: 40960	File Visible: No	Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8FB81000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8D4E3000	Size: 651264	File Visible: -	Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8956B000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x805F0000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x806E1000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8F9F2000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x80F32000	Size: 110592	File Visible: -	Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x83DCD000	Size: 208896	File Visible: -	Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8D58F000	Size: 73728	File Visible: -	Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8DBCF000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x82513000	Size: 446464	File Visible: -	Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8D8B4000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x807C1000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x80F61000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8D8C7000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80403000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x80FC1000	Size: 172032	File Visible: -	Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x80C46000	Size: 462848	File Visible: -	Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x824BC000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: LPCFilter.sys
Image Path: C:\Windows\system32\DRIVERS\LPCFilter.sys
Address: 0x80742000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8FB8B000	Size: 110592	File Visible: -	Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x8040B000	Size: 393216	File Visible: -	Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8F9E5000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8DA23000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8D901000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x807D6000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x825B6000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x825CB000	Size: 126976	File Visible: -	Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x8FBAE000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x8FBE7000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: msahci.sys
Image Path: C:\Windows\system32\drivers\msahci.sys
Address: 0x807EE000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8DBE6000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x80713000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8D928000	Size: 188416	File Visible: -	Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x80DC2000	Size: 176128	File Visible: -	Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8CE00000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8955C000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x80CB7000	Size: 1093632	File Visible: -	Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8D9B9000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x824F6000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8D9C4000	Size: 143360	File Visible: -	Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8DA66000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8FAC8000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8FA80000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x80E0F000	Size: 237568	File Visible: -	Signed: -
Status: -

Name: NETw4v32.sys
Image Path: C:\Windows\system32\DRIVERS\NETw4v32.sys
Address: 0x8D605000	Size: 2256896	File Visible: -	Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8DBF1000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8FB2B000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x89407000	Size: 1110016	File Visible: -	Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x83A14000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8DBB8000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x824CC000	Size: 172032	File Visible: -	Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8D82C000	Size: 61952	File Visible: -	Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8FAB2000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x8074C000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x8071B000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x807C8000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: pcmcia.sys
Image Path: C:\Windows\system32\DRIVERS\pcmcia.sys
Address: 0x805A5000	Size: 184320	File Visible: -	Signed: -
Status: -

Name: PCTCore.sys
Image Path: C:\Windows\system32\drivers\PCTCore.sys
Address: 0x80C0F000	Size: 225280	File Visible: -	Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9CA85000	Size: 909312	File Visible: -	Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x83A14000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8F9B8000	Size: 184320	File Visible: -	Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8046B000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8DBC6000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8D9A2000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8D9E7000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x80F88000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x80F9C000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x83A14000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8FAEF000	Size: 245760	File Visible: -	Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8DBD6000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8DBDE000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CB90000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x82500000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8F805000	Size: 1780864	File Visible: -	Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x80F70000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\Windows\system32\DRIVERS\sdbus.sys
Address: 0x8D896000	Size: 106496	File Visible: -	Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9CB63000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8FA24000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x89554000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8240D000	Size: 716800	File Visible: -	Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9CA0B000	Size: 319488	File Visible: -	Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x895D6000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x82580000	Size: 118784	File Visible: -	Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x8FAE9000	Size: 21248	File Visible: -	Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8D956000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8D9F6000	Size: 4992	File Visible: -	Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8D8D2000	Size: 180480	File Visible: -	Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x80E49000	Size: 954368	File Visible: -	Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9CB6D000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: tdcmdpst.sys
Image Path: C:\Windows\system32\DRIVERS\tdcmdpst.sys
Address: 0x8D90C000	Size: 16128	File Visible: -	Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8D997000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8FA0E000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x80FB1000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: tifm21.sys
Image Path: C:\Windows\system32\drivers\tifm21.sys
Address: 0x8D84A000	Size: 311296	File Visible: -	Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x99AE0000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: TuneUpUtilitiesDriver32.sys
Image Path: C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
Address: 0x9CB79000	Size: 3328	File Visible: -	Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x80F58000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x80F4D000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: TVALZ_O.SYS
Image Path: C:\Windows\system32\DRIVERS\TVALZ_O.SYS
Address: 0x8954F000	Size: 16768	File Visible: -	Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x80E00000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8D8FF000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8D5EA000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8DA32000	Size: 212992	File Visible: -	Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8D5AC000	Size: 253952	File Visible: -	Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8D5A1000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x80DED000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8DA02000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80768000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80777000	Size: 303104	File Visible: -	Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x89516000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8FAD6000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8D582000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80609000	Size: 507904	File Visible: -	Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x80685000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x998C0000	Size: 2105344	File Visible: -	Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x998C0000	Size: 2105344	File Visible: -	Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x806D8000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x83A14000	Size: 3903488	File Visible: -	Signed: -
Status: -







ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/06/30 17:32
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP1
==================================================

Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 3976)	Address: 0x658a0000	Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 3976)	Address: 0x69990000	Size: 372736

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3976)	Address: 0x69c00000	Size: 20480

Object: Hidden Module [Name: de.dll]
Process: chrome.exe (PID: 4148)	Address: 0x66950000	Size: 163840

Object: Hidden Module [Name: de.dll]
Process: chrome.exe (PID: 5140)	Address: 0x66950000	Size: 163840






ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/06/30 17:38
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP1
==================================================

Hidden Services
-------------------
         

Code:
 Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	5.0.0.31	2010.06.30	-
AhnLab-V3	2010.06.30.07	2010.06.30	-
AntiVir	8.2.4.2	2010.06.30	-
Antiy-AVL	2.0.3.7	2010.06.30	-
Authentium	5.2.0.5	2010.06.30	-
Avast	4.8.1351.0	2010.06.30	-
Avast5	5.0.332.0	2010.06.30	-
AVG	9.0.0.836	2010.06.30	Cryptic.AKR
BitDefender	7.2	2010.06.30	-
CAT-QuickHeal	11.00	2010.06.30	-
ClamAV	0.96.0.3-git	2010.06.30	-
Comodo	5267	2010.06.30	-
DrWeb	5.0.2.03300	2010.06.30	-
eSafe	7.0.17.0	2010.06.30	-
eTrust-Vet	36.1.7676	2010.06.30	Win32/Renos.D!generic
F-Prot	4.6.1.107	2010.06.29	-
F-Secure	9.0.15370.0	2010.06.30	Suspicious:W32/Malware!Gemini
Fortinet	4.1.133.0	2010.06.30	-
GData	21	2010.06.30	-
Ikarus	T3.1.1.84.0	2010.06.30	-
Jiangmin	13.0.900	2010.06.30	-
Kaspersky	7.0.0.125	2010.06.30	Packed.Win32.Katusha.n
McAfee	5.400.0.1158	2010.06.30	-
McAfee-GW-Edition	2010.1	2010.06.30	-
Microsoft	1.5902	2010.06.30	-
NOD32	5240	2010.06.30	a variant of Win32/Kryptik.FEP
Norman	6.05.10	2010.06.30	-
nProtect	2010-06-30.01	2010.06.30	-
Panda	10.0.2.7	2010.06.30	Suspicious file
PCTools	7.0.3.5	2010.06.30	-
Prevx	3.0	2010.06.30	High Risk Cloaked Malware
Rising	22.54.02.04	2010.06.30	-
Sophos	4.54.0	2010.06.30	-
Sunbelt	6526	2010.06.30	VirTool.Win32.Obfuscator.hg!b (v)
Symantec	20101.1.0.89	2010.06.30	-
TheHacker	6.5.2.0.305	2010.06.30	-
TrendMicro	9.120.0.1004	2010.06.30	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.30	-
VBA32	3.12.12.5	2010.06.30	-
ViRobot	2010.6.29.3912	2010.06.30	-
VirusBuster	5.0.27.0	2010.06.30	-
weitere Informationen
File size: 170496 bytes
MD5...: 103e9816992a8a6a29b8f73e321264f3
SHA1..: efa9b40748b3bc223177c54204cc0a594a9a685e
SHA256: 8d6ee4b515f9d0b73b24c758a7d33fe2dee25627ad21e3b5f0d4b0a14c3b4eb1
ssdeep: 3072:xHoY2NR62PASXoCjD3kUlvED/6IhNgp9LTJcLV5Wz:xHxn2XDYD/BhCp9Bc
V5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x38db
timedatestamp.....: 0x4ad14511 (Sun Oct 11 02:38:09 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x78dd 0x7a00 3.59 85c69642e577ba65316ae28b3c44a549
DATA 0x9000 0x1b21a 0x400 2.30 2dbc7b1171806fba0794df073320c652
.data 0x25000 0x2102b 0x21200 7.21 3ad3834c62d7f857e30b7f7b8b3859e3
.tls 0x47000 0xbe 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x48000 0x20c 0x400 0.70 c1acea70ba510aff4bd8f9e48a1591bd

( 12 imports ) 
> msvcrt.dll: log10, memcmp, malloc, memcpy
> OLE32.dll: CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoRevokeClassObject, CoCreateGuid, CLSIDFromProgID, CLSIDFromString, CoUninitialize
> COMDLG32.dll: GetFileTitleA
> shlwapi.dll: SHQueryInfoKeyA, SHQueryValueExA
> VERSION.dll: VerInstallFileA, GetFileVersionInfoA, VerFindFileA
> OLEAUT32.dll: SafeArrayUnaccessData, OleLoadPicture, SysFreeString, SysReAllocStringLen, SysStringLen
> GDI32.dll: SetTextColor, GetBitmapBits, CreateCompatibleDC, LineTo, RestoreDC, GetDIBits, SelectObject, GetPaletteEntries
> comctl32.dll: ImageList_Draw, ImageList_DrawEx, ImageList_Create, ImageList_Remove, ImageList_GetBkColor, ImageList_DragShowNolock, ImageList_Destroy, ImageList_Add
> SHELL32.dll: SHGetDiskFreeSpaceA, DragQueryFileA, SHGetSpecialFolderLocation, Shell_NotifyIconA, SHFileOperationA
> kernel32.dll: VirtualAlloc, GetProcAddress, LoadResource, ExitProcess, GetVersion, LoadLibraryExA, lstrcatA, ExitThread, GetModuleHandleA, CompareStringA, GetVersionExA, InitializeCriticalSection
> USER32.dll: DefFrameProcA, GetDlgItem, SetRect, EqualRect, GetKeyboardType, SetScrollInfo, SetFocus, SetCursor, EmptyClipboard, FindWindowA, CharLowerA, BeginPaint, DefMDIChildProcA, PostMessageA, LoadStringA, InsertMenuA, GetScrollPos, GetCursorPos, RemovePropA, GetSysColorBrush, DestroyMenu, ReleaseCapture, DrawIconEx, CreateWindowExA, GetSubMenu, DestroyCursor, GetCursor, GetClassNameA, GetKeyboardState, IsZoomed, LoadIconA, IsWindowVisible, GetKeyboardLayout, WindowFromPoint, EnableMenuItem, RegisterClassA, DefWindowProcA, SetWindowTextA, CharToOemA, UpdateWindow, SetWindowPos, GetKeyboardLayoutList, DestroyIcon, CheckMenuItem, SetClassLongA, SetScrollPos, DrawFrameControl, DrawIcon, OffsetRect, SetMenu, EnumThreadWindows, MsgWaitForMultipleObjects, GetMenuStringA, RegisterClipboardFormatA, InvalidateRect, GetClassLongA, CharNextA, GetWindow, PostQuitMessage, TrackPopupMenu, GetMessagePos, RemoveMenu, GetWindowRect, DrawTextA, GetDCEx, IntersectRect, GetWindowLongW, GetWindowDC, GetFocus, InflateRect, MapWindowPoints, EnumWindows, ShowWindow, GetScrollInfo, ActivateKeyboardLayout, SetMenuItemInfoA, GetSysColor, MapVirtualKeyA, IsWindow, SetWindowLongW, DrawMenuBar, CharLowerBuffA, SetWindowsHookExA, ShowScrollBar, FillRect, GetWindowLongA, CallNextHookEx, CharUpperBuffA, RedrawWindow, SystemParametersInfoA, CreateMenu, CharNextW, TranslateMDISysAccel, IsDialogMessageA, FrameRect, OemToCharA, LoadKeyboardLayoutA, GetIconInfo, PtInRect, KillTimer, SetWindowPlacement, ScrollWindow, WaitMessage, CloseClipboard, UnhookWindowsHookEx, ReleaseDC, DestroyWindow, EndPaint, SetActiveWindow, GetWindowThreadProcessId
> advapi32.dll: RegCreateKeyExA, GetUserNameA

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=4893B17C00BCD07B9A83021784B00B0054FD004C
         

01.07.2010, 06:19   #8
kira
/// Helper Team

Point 7: -> http://www.trojaner-board.de/87658-a...tml#post537703
I can't see the file name, so I can't tell whether you had the right file checked:
Quote:
paste the result in there just as you receive it (DO NOT LEAVE ANYTHING OUT!) (including <name of the checked file> + file size and name, MD5 and SHA1)
so please do it again, but properly this time

01.07.2010, 07:06   #9
tina_084

Code:
Datei Jg0.exe empfangen 2010.07.01 05:56:38 (UTC)
Status: Beendet 
Ergebnis: 11/40 (27.5%)
  Filter
Drucken der Ergebnisse  
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	5.0.0.31	2010.07.01	Packed.Win32.Katusha!IK
AhnLab-V3	2010.07.01.00	2010.07.01	-
AntiVir	8.2.4.2	2010.06.30	-
Antiy-AVL	2.0.3.7	2010.06.30	-
Authentium	5.2.0.5	2010.07.01	-
Avast	4.8.1351.0	2010.06.30	-
Avast5	5.0.332.0	2010.06.30	-
AVG	9.0.0.836	2010.07.01	Cryptic.AKR
BitDefender	7.2	2010.07.01	-
CAT-QuickHeal	11.00	2010.06.30	-
ClamAV	0.96.0.3-git	2010.07.01	-
Comodo	5272	2010.07.01	-
DrWeb	5.0.2.03300	2010.07.01	-
eSafe	7.0.17.0	2010.06.30	-
eTrust-Vet	36.1.7677	2010.06.30	Win32/Renos.D!generic
F-Prot	4.6.1.107	2010.06.30	-
F-Secure	9.0.15370.0	2010.07.01	Suspicious:W32/Malware!Gemini
Fortinet	4.1.133.0	2010.06.30	-
GData	21	2010.07.01	-
Ikarus	T3.1.1.84.0	2010.07.01	Packed.Win32.Katusha
Jiangmin	13.0.900	2010.07.01	-
Kaspersky	7.0.0.125	2010.07.01	Packed.Win32.Katusha.n
McAfee	5.400.0.1158	2010.07.01	-
McAfee-GW-Edition	2010.1	2010.06.30	Artemis!103E9816992A
Microsoft	1.5902	2010.07.01	-
NOD32	5241	2010.06.30	a variant of Win32/Kryptik.FEP
Norman	6.05.10	2010.06.30	-
nProtect	2010-06-30.01	2010.06.30	-
Panda	10.0.2.7	2010.06.30	Trj/CI.A
PCTools	7.0.3.5	2010.07.01	-
Rising	22.54.03.01	2010.07.01	-
Sophos	4.54.0	2010.07.01	Mal/FakeAV-CX
Sunbelt	6529	2010.07.01	VirTool.Win32.Obfuscator.hg!b (v)
Symantec	20101.1.0.89	2010.07.01	-
TheHacker	6.5.2.0.305	2010.06.30	-
TrendMicro	9.120.0.1004	2010.07.01	-
TrendMicro-HouseCall	9.120.0.1004	2010.07.01	-
VBA32	3.12.12.5	2010.06.30	-
ViRobot	2010.6.29.3912	2010.07.01	-
VirusBuster	5.0.27.0	2010.06.30	-
weitere Informationen
File size: 170496 bytes
MD5...: 103e9816992a8a6a29b8f73e321264f3
SHA1..: efa9b40748b3bc223177c54204cc0a594a9a685e
SHA256: 8d6ee4b515f9d0b73b24c758a7d33fe2dee25627ad21e3b5f0d4b0a14c3b4eb1
ssdeep: 3072:xHoY2NR62PASXoCjD3kUlvED/6IhNgp9LTJcLV5Wz:xHxn2XDYD/BhCp9Bc
V5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x38db
timedatestamp.....: 0x4ad14511 (Sun Oct 11 02:38:09 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x78dd 0x7a00 3.59 85c69642e577ba65316ae28b3c44a549
DATA 0x9000 0x1b21a 0x400 2.30 2dbc7b1171806fba0794df073320c652
.data 0x25000 0x2102b 0x21200 7.21 3ad3834c62d7f857e30b7f7b8b3859e3
.tls 0x47000 0xbe 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x48000 0x20c 0x400 0.70 c1acea70ba510aff4bd8f9e48a1591bd

( 12 imports ) 
> msvcrt.dll: log10, memcmp, malloc, memcpy
> OLE32.dll: CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoRevokeClassObject, CoCreateGuid, CLSIDFromProgID, CLSIDFromString, CoUninitialize
> COMDLG32.dll: GetFileTitleA
> shlwapi.dll: SHQueryInfoKeyA, SHQueryValueExA
> VERSION.dll: VerInstallFileA, GetFileVersionInfoA, VerFindFileA
> OLEAUT32.dll: SafeArrayUnaccessData, OleLoadPicture, SysFreeString, SysReAllocStringLen, SysStringLen
> GDI32.dll: SetTextColor, GetBitmapBits, CreateCompatibleDC, LineTo, RestoreDC, GetDIBits, SelectObject, GetPaletteEntries
> comctl32.dll: ImageList_Draw, ImageList_DrawEx, ImageList_Create, ImageList_Remove, ImageList_GetBkColor, ImageList_DragShowNolock, ImageList_Destroy, ImageList_Add
> SHELL32.dll: SHGetDiskFreeSpaceA, DragQueryFileA, SHGetSpecialFolderLocation, Shell_NotifyIconA, SHFileOperationA
> kernel32.dll: VirtualAlloc, GetProcAddress, LoadResource, ExitProcess, GetVersion, LoadLibraryExA, lstrcatA, ExitThread, GetModuleHandleA, CompareStringA, GetVersionExA, InitializeCriticalSection
> USER32.dll: DefFrameProcA, GetDlgItem, SetRect, EqualRect, GetKeyboardType, SetScrollInfo, SetFocus, SetCursor, EmptyClipboard, FindWindowA, CharLowerA, BeginPaint, DefMDIChildProcA, PostMessageA, LoadStringA, InsertMenuA, GetScrollPos, GetCursorPos, RemovePropA, GetSysColorBrush, DestroyMenu, ReleaseCapture, DrawIconEx, CreateWindowExA, GetSubMenu, DestroyCursor, GetCursor, GetClassNameA, GetKeyboardState, IsZoomed, LoadIconA, IsWindowVisible, GetKeyboardLayout, WindowFromPoint, EnableMenuItem, RegisterClassA, DefWindowProcA, SetWindowTextA, CharToOemA, UpdateWindow, SetWindowPos, GetKeyboardLayoutList, DestroyIcon, CheckMenuItem, SetClassLongA, SetScrollPos, DrawFrameControl, DrawIcon, OffsetRect, SetMenu, EnumThreadWindows, MsgWaitForMultipleObjects, GetMenuStringA, RegisterClipboardFormatA, InvalidateRect, GetClassLongA, CharNextA, GetWindow, PostQuitMessage, TrackPopupMenu, GetMessagePos, RemoveMenu, GetWindowRect, DrawTextA, GetDCEx, IntersectRect, GetWindowLongW, GetWindowDC, GetFocus, InflateRect, MapWindowPoints, EnumWindows, ShowWindow, GetScrollInfo, ActivateKeyboardLayout, SetMenuItemInfoA, GetSysColor, MapVirtualKeyA, IsWindow, SetWindowLongW, DrawMenuBar, CharLowerBuffA, SetWindowsHookExA, ShowScrollBar, FillRect, GetWindowLongA, CallNextHookEx, CharUpperBuffA, RedrawWindow, SystemParametersInfoA, CreateMenu, CharNextW, TranslateMDISysAccel, IsDialogMessageA, FrameRect, OemToCharA, LoadKeyboardLayoutA, GetIconInfo, PtInRect, KillTimer, SetWindowPlacement, ScrollWindow, WaitMessage, CloseClipboard, UnhookWindowsHookEx, ReleaseDC, DestroyWindow, EndPaint, SetActiveWindow, GetWindowThreadProcessId
> advapi32.dll: RegCreateKeyExA, GetUserNameA

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
         

01.07.2010, 21:27   #10
kira
/// Helper Team

Since the file is still relatively unknown, let's quickly upload it so that it can be forwarded to the AV vendors and for further analysis:

File upload
C:\Users\tina\AppData\Local\Temp\Jg0.exe
  • Enter the following in the comment field:
  • "Unknown file"
  • this information:
Code:
Datei Jg0.exe empfangen 2010.07.01 05:56:38 (UTC)
Status: Beendet 
Ergebnis: 11/40 (27.5%)
  Filter
Drucken der Ergebnisse  
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	5.0.0.31	2010.07.01	Packed.Win32.Katusha!IK
AhnLab-V3	2010.07.01.00	2010.07.01	-
AntiVir	8.2.4.2	2010.06.30	-
Antiy-AVL	2.0.3.7	2010.06.30	-
Authentium	5.2.0.5	2010.07.01	-
Avast	4.8.1351.0	2010.06.30	-
Avast5	5.0.332.0	2010.06.30	-
AVG	9.0.0.836	2010.07.01	Cryptic.AKR
BitDefender	7.2	2010.07.01	-
CAT-QuickHeal	11.00	2010.06.30	-
ClamAV	0.96.0.3-git	2010.07.01	-
Comodo	5272	2010.07.01	-
DrWeb	5.0.2.03300	2010.07.01	-
eSafe	7.0.17.0	2010.06.30	-
eTrust-Vet	36.1.7677	2010.06.30	Win32/Renos.D!generic
F-Prot	4.6.1.107	2010.06.30	-
F-Secure	9.0.15370.0	2010.07.01	Suspicious:W32/Malware!Gemini
Fortinet	4.1.133.0	2010.06.30	-
GData	21	2010.07.01	-
Ikarus	T3.1.1.84.0	2010.07.01	Packed.Win32.Katusha
Jiangmin	13.0.900	2010.07.01	-
Kaspersky	7.0.0.125	2010.07.01	Packed.Win32.Katusha.n
McAfee	5.400.0.1158	2010.07.01	-
McAfee-GW-Edition	2010.1	2010.06.30	Artemis!103E9816992A
Microsoft	1.5902	2010.07.01	-
NOD32	5241	2010.06.30	a variant of Win32/Kryptik.FEP
Norman	6.05.10	2010.06.30	-
nProtect	2010-06-30.01	2010.06.30	-
Panda	10.0.2.7	2010.06.30	Trj/CI.A
PCTools	7.0.3.5	2010.07.01	-
Rising	22.54.03.01	2010.07.01	-
Sophos	4.54.0	2010.07.01	Mal/FakeAV-CX
Sunbelt	6529	2010.07.01	VirTool.Win32.Obfuscator.hg!b (v)
Symantec	20101.1.0.89	2010.07.01	-
TheHacker	6.5.2.0.305	2010.06.30	-
TrendMicro	9.120.0.1004	2010.07.01	-
TrendMicro-HouseCall	9.120.0.1004	2010.07.01	-
VBA32	3.12.12.5	2010.06.30	-
ViRobot	2010.6.29.3912	2010.07.01	-
VirusBuster	5.0.27.0	2010.06.30	-
weitere Informationen
File size: 170496 bytes
MD5...: 103e9816992a8a6a29b8f73e321264f3
SHA1..: efa9b40748b3bc223177c54204cc0a594a9a685e
SHA256: 8d6ee4b515f9d0b73b24c758a7d33fe2dee25627ad21e3b5f0d4b0a14c3b4eb1
ssdeep: 3072:xHoY2NR62PASXoCjD3kUlvED/6IhNgp9LTJcLV5Wz:xHxn2XDYD/BhCp9Bc
V5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x38db
timedatestamp.....: 0x4ad14511 (Sun Oct 11 02:38:09 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x78dd 0x7a00 3.59 85c69642e577ba65316ae28b3c44a549
DATA 0x9000 0x1b21a 0x400 2.30 2dbc7b1171806fba0794df073320c652
.data 0x25000 0x2102b 0x21200 7.21 3ad3834c62d7f857e30b7f7b8b3859e3
.tls 0x47000 0xbe 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x48000 0x20c 0x400 0.70 c1acea70ba510aff4bd8f9e48a1591bd

( 12 imports ) 
> msvcrt.dll: log10, memcmp, malloc, memcpy
> OLE32.dll: CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoRevokeClassObject, CoCreateGuid, CLSIDFromProgID, CLSIDFromString, CoUninitialize
> COMDLG32.dll: GetFileTitleA
> shlwapi.dll: SHQueryInfoKeyA, SHQueryValueExA
> VERSION.dll: VerInstallFileA, GetFileVersionInfoA, VerFindFileA
> OLEAUT32.dll: SafeArrayUnaccessData, OleLoadPicture, SysFreeString, SysReAllocStringLen, SysStringLen
> GDI32.dll: SetTextColor, GetBitmapBits, CreateCompatibleDC, LineTo, RestoreDC, GetDIBits, SelectObject, GetPaletteEntries
> comctl32.dll: ImageList_Draw, ImageList_DrawEx, ImageList_Create, ImageList_Remove, ImageList_GetBkColor, ImageList_DragShowNolock, ImageList_Destroy, ImageList_Add
> SHELL32.dll: SHGetDiskFreeSpaceA, DragQueryFileA, SHGetSpecialFolderLocation, Shell_NotifyIconA, SHFileOperationA
> kernel32.dll: VirtualAlloc, GetProcAddress, LoadResource, ExitProcess, GetVersion, LoadLibraryExA, lstrcatA, ExitThread, GetModuleHandleA, CompareStringA, GetVersionExA, InitializeCriticalSection
> USER32.dll: DefFrameProcA, GetDlgItem, SetRect, EqualRect, GetKeyboardType, SetScrollInfo, SetFocus, SetCursor, EmptyClipboard, FindWindowA, CharLowerA, BeginPaint, DefMDIChildProcA, PostMessageA, LoadStringA, InsertMenuA, GetScrollPos, GetCursorPos, RemovePropA, GetSysColorBrush, DestroyMenu, ReleaseCapture, DrawIconEx, CreateWindowExA, GetSubMenu, DestroyCursor, GetCursor, GetClassNameA, GetKeyboardState, IsZoomed, LoadIconA, IsWindowVisible, GetKeyboardLayout, WindowFromPoint, EnableMenuItem, RegisterClassA, DefWindowProcA, SetWindowTextA, CharToOemA, UpdateWindow, SetWindowPos, GetKeyboardLayoutList, DestroyIcon, CheckMenuItem, SetClassLongA, SetScrollPos, DrawFrameControl, DrawIcon, OffsetRect, SetMenu, EnumThreadWindows, MsgWaitForMultipleObjects, GetMenuStringA, RegisterClipboardFormatA, InvalidateRect, GetClassLongA, CharNextA, GetWindow, PostQuitMessage, TrackPopupMenu, GetMessagePos, RemoveMenu, GetWindowRect, DrawTextA, GetDCEx, IntersectRect, GetWindowLongW, GetWindowDC, GetFocus, InflateRect, MapWindowPoints, EnumWindows, ShowWindow, GetScrollInfo, ActivateKeyboardLayout, SetMenuItemInfoA, GetSysColor, MapVirtualKeyA, IsWindow, SetWindowLongW, DrawMenuBar, CharLowerBuffA, SetWindowsHookExA, ShowScrollBar, FillRect, GetWindowLongA, CallNextHookEx, CharUpperBuffA, RedrawWindow, SystemParametersInfoA, CreateMenu, CharNextW, TranslateMDISysAccel, IsDialogMessageA, FrameRect, OemToCharA, LoadKeyboardLayoutA, GetIconInfo, PtInRect, KillTimer, SetWindowPlacement, ScrollWindow, WaitMessage, CloseClipboard, UnhookWindowsHookEx, ReleaseDC, DestroyWindow, EndPaint, SetActiveWindow, GetWindowThreadProcessId
> advapi32.dll: RegCreateKeyExA, GetUserNameA

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
         
  • Now press the "Send File" button
  • So that we can continue with the next step, let us know whether you managed to upload the file(s).

08.07.2010, 06:48   #11
kira
/// Helper Team

No response - thread closed! Recommended actions and, where applicable, further measures here: -> Guide: Reinstalling the system + hardening
