
Pests of all kinds and how to fight them: Check for my PC

05.06.2011, 20:10   #1
Hilfe2011

Good evening,

my name is Jamal and I got a virus yesterday; I searched the Internet on my own and, as far as I know, fixed the problem.
After the problem I then also got a file from a "computer freak", and I am not sure whether there is a PC-hacking program in this file.

I wanted to ask which files I need to show you so that you can tell me what is going on with my PC right now.
(PS: according to Spybot I still have, for example, a few viruses on it, but they cannot be deleted ?!?!)

Sorry if I have not worked through any of the 7 points exactly; I am under quite a lot of stress at the moment.


Thanks in advance!

05.06.2011, 20:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
and I got a virus yesterday,
Virus? Where exactly, what was found, what did the scanner report?

05.06.2011, 20:38   #3
Hilfe2011

The same problem that Magggi and a few other people on this site have. (After a restart the desktop was black and there was next to nothing left in the Start menu. Then Windows 7 Recovery opened automatically and found some errors. A few it could not fix:

Read time of hard drive clusters less than 500ms - Critical Error
34% of HDD space is unreadable - Critical Error
Bad sectors on hard drive or damaged file allocation table - Critical Error
Boot sector of the hard disk is damaged - Critical Error
Hard drive doesn´t respond to system commands - Critical Error, Maggi wrote)
I also deleted this virus with the help of this site, as far as I know, since the symptoms are no longer there.

I now need a check of whether my PC is doing well and whether nobody has hacked into it.

05.06.2011, 20:39   #4
cosinus

Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
__________________
Please always post logfiles in CODE tags

05.06.2011, 22:03   #5
Hilfe2011

Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:15 on 05/06/2011 (Hans)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-




That is the Defogger log, and with OTL it is not quite working; what exactly do you need there, and what do I have to do in the OTL settings?


06.06.2011, 10:41   #6
cosinus

What does "not quite working" mean? Everything you have to do is described there in minute detail; if something does not work, you have to describe exactly where the problem lies.

06.06.2011, 14:39   #7
Hilfe2011

I do not really know which options I should click on; for a scan I would know, or is it the same as for the Quick Scan?

Also, in the screenshot of Otl.exe, standard output is selected, while the description below says one should choose minimal output.

PS: Thanks for the quick help, cosinus; I am glad it is going so fast.

06.06.2011, 15:20   #8
cosinus

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread

06.06.2011, 15:44   #9
Hilfe2011

OTL Logfile:
Code:
OTL logfile created on: 06.06.2011 16:30:47 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\H\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,11% Memory free
4,23 Gb Paging File | 2,97 Gb Available in Paging File | 70,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,73 Gb Total Space | 132,14 Gb Free Space | 59,33% Space Free | Partition Type: NTFS
 
Computer Name: BETINA-PC | User Name: Betina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Betina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Betina\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PCToolsSSDMonitorSvc) -- C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (RtkHDMIService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.30 23:21:35 | 000,000,000 | ---D | M]
 
[2010.05.25 18:27:25 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv522.dll
 
O1 HOSTS File: ([2011.06.05 18:16:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Betina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Betina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Users^Betina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DarkGameX-Mt2_updater.exe.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Betina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Discounter Planer.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{daba28b3-41bc-4ca3-b921-28eb67111092} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.05 20:23:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Betina\Desktop\HiJackThis204.exe
[2011.06.05 19:43:49 | 000,000,000 | ---D | C] -- C:\Users\Betina\Desktop\Metin2 Yanbuggen
[2011.06.05 18:38:28 | 000,000,000 | ---D | C] -- C:\Users\Betina\Desktop\SharedMt2
[2011.06.05 18:25:56 | 000,000,000 | ---D | C] -- C:\Users\Betina\Desktop\P server
[2011.06.05 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Betina\Desktop\Virus
[2011.06.05 18:19:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.06.05 18:19:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.05 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\Betina\AppData\Local\temp
[2011.06.05 18:05:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.05 18:05:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.05 18:05:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.05 18:05:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.05 18:05:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.06.05 18:05:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.05 18:05:07 | 004,111,938 | R--- | C] (Swearware) -- C:\Users\Betina\Desktop\ComboFix.exe
[2011.06.05 17:28:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.05 03:24:22 | 000,000,000 | ---D | C] -- C:\Users\Betina\AppData\Roaming\Avira
[2011.06.05 03:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.06.05 03:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.06.05 03:10:45 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.06.05 03:10:45 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.05 03:10:06 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.06.05 03:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.06.05 02:49:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Betina\Desktop\OTL.exe
[2011.06.05 02:25:57 | 000,000,000 | ---D | C] -- C:\Users\Betina\AppData\Roaming\Malwarebytes
[2011.06.05 02:25:50 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.05 02:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.05 02:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.05 02:25:47 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.05 02:25:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.05 02:25:10 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Betina\Desktop\mbam-setup-1.51.0.1200.exe
[2011.05.29 14:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.05.29 14:37:12 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2011.05.29 14:36:23 | 032,167,888 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Betina\Desktop\TeamSpeak3-Client-win32-3.0.0-rc1.exe
[2011.05.14 13:10:36 | 000,000,000 | ---D | C] -- C:\Users\Betina\Documents\085_ghamdi_burooj
[2011.05.09 15:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.08 00:58:55 | 000,000,000 | ---D | C] -- C:\Users\Betina\Documents\DeadLine Results
[2011.05.08 00:58:55 | 000,000,000 | ---D | C] -- C:\Users\Betina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeadLine
[2011.05.08 00:58:55 | 000,000,000 | ---D | C] -- C:\Programme\DeadLine
[2011.05.08 00:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeadLine
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Betina\AppData\Local\*.tmp files -> C:\Users\Betina\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.06 15:58:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.06 15:58:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568539066-3826537632-3725692582-1000UA.job
[2011.06.06 15:36:01 | 000,113,541 | ---- | M] () -- C:\Users\Betina\Desktop\screen2.png
[2011.06.06 15:28:19 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.06.06 15:28:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.06 15:28:13 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 15:28:13 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 15:28:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.06 15:27:56 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.05 23:47:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.06.05 22:15:18 | 000,000,000 | ---- | M] () -- C:\Users\Betina\defogger_reenable
[2011.06.05 22:12:48 | 000,050,477 | ---- | M] () -- C:\Users\Betina\Desktop\Defogger.exe
[2011.06.05 20:56:51 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Betina.job
[2011.06.05 20:23:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Betina\Desktop\HiJackThis204.exe
[2011.06.05 20:01:51 | 000,394,282 | ---- | M] () -- C:\Users\Betina\Documents\prob.jpg
[2011.06.05 19:49:52 | 000,012,352 | ---- | M] () -- C:\Users\Betina\Documents\serverinfo.py
[2011.06.05 19:41:19 | 644,645,701 | ---- | M] () -- C:\Users\Betina\Desktop\Metin2 Yanbuggen.rar
[2011.06.05 19:25:12 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011.06.05 19:00:29 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011.06.05 18:16:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.06.05 18:05:10 | 004,111,938 | R--- | M] (Swearware) -- C:\Users\Betina\Desktop\ComboFix.exe
[2011.06.05 17:21:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Betina\Desktop\OTL.exe
[2011.06.05 15:24:12 | 000,000,120 | ---- | M] () -- C:\Users\Betina\AppData\Local\Bjefutodigip.dat
[2011.06.05 02:58:54 | 052,718,176 | ---- | M] () -- C:\Users\Betina\Desktop\avira_antivir_personal648_de.exe
[2011.06.05 02:25:11 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Betina\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.05 01:52:32 | 000,000,000 | ---- | M] () -- C:\Users\Betina\AppData\Local\Ljutatuxofum.bin
[2011.06.05 01:52:07 | 000,000,136 | ---- | M] () -- C:\ProgramData\~31645432
[2011.06.05 01:52:06 | 000,000,160 | ---- | M] () -- C:\ProgramData\~31645432r
[2011.06.04 23:04:16 | 000,000,400 | ---- | M] () -- C:\ProgramData\31645432
[2011.06.04 16:57:20 | 835,973,759 | ---- | M] () -- C:\Users\Betina\Desktop\SharedMt2.rar
[2011.06.04 14:10:04 | 000,636,251 | ---- | M] () -- C:\Users\Betina\Documents\084_mishary_inshiqaq.zip
[2011.06.04 00:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568539066-3826537632-3725692582-1000Core.job
[2011.05.29 14:36:34 | 032,167,888 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Betina\Desktop\TeamSpeak3-Client-win32-3.0.0-rc1.exe
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.28 14:37:13 | 741,651,547 | ---- | M] () -- C:\Users\Betina\Desktop\Dark-MT2 2010er Client.rar
[2011.05.14 13:09:59 | 000,529,468 | ---- | M] () -- C:\Users\Betina\Documents\085_ghamdi_burooj.zip
[2011.05.09 15:45:53 | 000,007,620 | ---- | M] () -- C:\Users\Betina\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Betina\AppData\Local\*.tmp files -> C:\Users\Betina\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.06 15:36:00 | 000,113,541 | ---- | C] () -- C:\Users\Betina\Desktop\screen2.png
[2011.06.05 22:15:18 | 000,000,000 | ---- | C] () -- C:\Users\Betina\defogger_reenable
[2011.06.05 22:12:48 | 000,050,477 | ---- | C] () -- C:\Users\Betina\Desktop\Defogger.exe
[2011.06.05 19:56:11 | 000,394,282 | ---- | C] () -- C:\Users\Betina\Documents\prob.jpg
[2011.06.05 19:49:51 | 000,012,352 | ---- | C] () -- C:\Users\Betina\Documents\serverinfo.py
[2011.06.05 19:32:14 | 644,645,701 | ---- | C] () -- C:\Users\Betina\Desktop\Metin2 Yanbuggen.rar
[2011.06.05 19:25:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.06.05 18:05:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.05 18:05:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.05 18:05:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.05 18:05:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.05 18:05:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.05 02:58:38 | 052,718,176 | ---- | C] () -- C:\Users\Betina\Desktop\avira_antivir_personal648_de.exe
[2011.06.05 01:52:06 | 000,000,160 | ---- | C] () -- C:\ProgramData\~31645432r
[2011.06.05 01:52:06 | 000,000,136 | ---- | C] () -- C:\ProgramData\~31645432
[2011.06.04 23:01:40 | 000,000,400 | ---- | C] () -- C:\ProgramData\31645432
[2011.06.04 22:53:38 | 000,000,120 | ---- | C] () -- C:\Users\Betina\AppData\Local\Bjefutodigip.dat
[2011.06.04 22:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Betina\AppData\Local\Ljutatuxofum.bin
[2011.06.04 16:52:14 | 835,973,759 | ---- | C] () -- C:\Users\Betina\Desktop\SharedMt2.rar
[2011.06.04 14:10:13 | 000,664,128 | ---- | C] () -- C:\Users\Betina\Documents\084_mishary_inshiqaq.mp3
[2011.06.04 14:09:59 | 000,636,251 | ---- | C] () -- C:\Users\Betina\Documents\084_mishary_inshiqaq.zip
[2011.05.28 14:32:38 | 741,651,547 | ---- | C] () -- C:\Users\Betina\Desktop\Dark-MT2 2010er Client.rar
[2011.05.14 13:09:57 | 000,529,468 | ---- | C] () -- C:\Users\Betina\Documents\085_ghamdi_burooj.zip
[2011.05.09 15:42:11 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568539066-3826537632-3725692582-1000UA.job
[2011.05.09 15:42:10 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568539066-3826537632-3725692582-1000Core.job
[2011.04.11 18:24:23 | 000,000,136 | ---- | C] () -- C:\ProgramData\~43966216r
[2011.04.11 18:24:23 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43966216
[2011.04.11 18:23:40 | 000,000,336 | ---- | C] () -- C:\ProgramData\43966216
[2010.11.17 22:11:14 | 000,000,000 | ---- | C] () -- C:\Users\Betina\AppData\Roaming\wklnhst.dat
[2010.11.04 11:49:39 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2009.11.02 17:36:09 | 000,000,552 | ---- | C] () -- C:\Users\Betina\AppData\Local\d3d8caps.dat
[2009.01.16 14:35:04 | 000,000,276 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008.12.01 12:33:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.10.18 21:36:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.18 21:36:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.18 21:31:14 | 000,015,360 | ---- | C] () -- C:\Users\Betina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.18 20:24:55 | 000,007,620 | ---- | C] () -- C:\Users\Betina\AppData\Local\d3d9caps.dat
[2008.06.03 17:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.06.03 17:17:40 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.06.03 16:45:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.05.16 02:41:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.05.16 02:41:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.16 02:41:53 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.05.16 02:41:53 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.05.15 17:08:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.05.15 16:46:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.30 10:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.09.12 01:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.09.12 01:54:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,356,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.01.11 18:26:20 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\CDZilla
[2011.04.25 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\FreeFLVConverter
[2009.01.10 20:54:36 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Logs
[2010.09.11 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\OpenOffice.org
[2011.02.03 17:38:15 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Opera
[2010.11.04 20:05:39 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Registry Mechanic
[2010.05.14 12:25:30 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\T-Online
[2010.03.29 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\TeamViewer
[2010.11.17 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Template
[2011.06.01 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\TS3Client
[2010.09.30 19:33:10 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Wayg
[2009.10.05 19:12:59 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Windows Live Writer
[2011.06.05 19:00:29 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011.06.05 23:48:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.05 18:15:22 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Adobe
[2011.06.01 18:15:39 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\ArcSoft
[2008.06.03 17:30:00 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\ATI
[2011.06.05 03:24:22 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Avira
[2009.01.11 18:26:20 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\CDZilla
[2009.04.01 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\DivX
[2011.04.25 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\FreeFLVConverter
[2008.10.18 21:56:09 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Google
[2008.05.15 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Identities
[2008.06.03 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\InstallShield
[2009.06.14 15:33:19 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Intel
[2009.01.10 20:54:36 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Logs
[2008.06.03 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Macromedia
[2011.06.05 02:25:57 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Media Center Programs
[2011.04.12 19:59:06 | 000,000,000 | --SD | M] -- C:\Users\Betina\AppData\Roaming\Microsoft
[2011.04.25 21:27:49 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Move Networks
[2011.01.13 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Mozilla
[2010.09.11 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\OpenOffice.org
[2011.02.03 17:38:15 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Opera
[2011.04.30 23:23:19 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Real
[2010.11.04 20:05:39 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Registry Mechanic
[2010.01.31 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Roxio
[2011.06.05 23:31:01 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Skype
[2011.06.05 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\skypePM
[2009.06.28 20:12:32 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Sony Corporation
[2010.05.14 12:25:30 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\T-Online
[2011.04.25 21:27:50 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\teamspeak2
[2010.03.29 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\TeamViewer
[2010.11.17 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Template
[2011.06.01 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\TS3Client
[2010.09.30 19:33:10 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Wayg
[2009.10.05 19:12:59 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\Windows Live Writer
[2010.05.16 19:35:09 | 000,000,000 | ---D | M] -- C:\Users\Betina\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.05.14 12:28:39 | 000,010,134 | R--- | M] () -- C:\Users\Betina\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.04.12 23:16:24 | 000,144,053 | ---- | M] () -- C:\Users\Betina\AppData\Roaming\Move Networks\uninstall.exe
[2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Betina\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.05.13 02:05:16 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

06.06.2011, 15:58   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
[2011.06.05 18:05:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.06.05 18:05:48 | 000,000,000 | ---D | C] -- C:\Qoobox
Who told you to run CF??
And why didn't you say a word about it? If something like that happens without being agreed on, you can at least mention it and post the log for it as well!
__________________
Please always post log files in CODE tags

06.06.2011, 20:16   #11
Hilfe2011

x.x

In future I'll leave that be; is the rest OK?
Is my PC doing well?

Regards,
jamal

06.06.2011, 20:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why don't you post the CF log?

06.06.2011, 20:52   #13
Hilfe2011

Sorry, I don't really know what I'm supposed to post

here's ComboFix ^^

ComboFix log file:
Code:
ComboFix 11-06-05.01 - Betina 05.06.2011  18:08:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2045.1000 [GMT 2:00]
ausgeführt von:: c:\users\Betina\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\users\Betina\AppData\Local\{FD07784E-BD77-4719-80D0-CA35B6A0D5FB}
c:\users\Betina\AppData\Local\{FD07784E-BD77-4719-80D0-CA35B6A0D5FB}\chrome.manifest
c:\users\Betina\AppData\Local\{FD07784E-BD77-4719-80D0-CA35B6A0D5FB}\chrome\content\_cfg.js
c:\users\Betina\AppData\Local\{FD07784E-BD77-4719-80D0-CA35B6A0D5FB}\chrome\content\overlay.xul
c:\users\Betina\AppData\Local\{FD07784E-BD77-4719-80D0-CA35B6A0D5FB}\install.rdf
c:\users\Betina\AppData\Local\qip
c:\users\Betina\AppData\Local\qip\data.ini
c:\users\Betina\AppData\Local\qip\FreeCleaner_de.exe.ini
c:\users\Betina\AppData\Local\qip\spybotsd160.exe.ini
c:\users\Betina\AppData\Roaming\Adobe\plugs
c:\users\Betina\AppData\Roaming\Adobe\shed
c:\users\Betina\AppData\Roaming\Lywuwy
c:\users\Betina\AppData\Roaming\Lywuwy\qebiy.exe
c:\users\Betina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\Betina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\Betina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\Betina\Desktop\Windows Vista Recovery.lnk
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-05 bis 2011-06-05  ))))))))))))))))))))))))))))))
.
.
2011-06-05 16:15 . 2011-06-05 16:16	--------	d-----w-	c:\users\Betina\AppData\Local\temp
2011-06-05 16:15 . 2011-06-05 16:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-05 15:28 . 2011-06-05 15:28	--------	d-----w-	C:\_OTL
2011-06-05 01:24 . 2011-06-05 01:24	--------	d-----w-	c:\users\Betina\AppData\Roaming\Avira
2011-06-05 01:10 . 2011-04-01 15:07	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-05 01:10 . 2011-04-01 15:07	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-05 01:10 . 2011-06-05 01:10	--------	d-----w-	c:\programdata\Avira
2011-06-05 01:10 . 2011-06-05 01:10	--------	d-----w-	c:\program files\Avira
2011-06-05 00:25 . 2011-06-05 00:25	--------	d-----w-	c:\users\Betina\AppData\Roaming\Malwarebytes
2011-06-05 00:25 . 2011-06-05 00:25	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-05 00:25 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 00:25 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-05 00:25 . 2011-06-05 00:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-04 20:53 . 2011-06-04 23:52	0	----a-w-	c:\users\Betina\AppData\Local\Ljutatuxofum.bin
2011-06-03 10:03 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63FF9640-8C33-478D-B021-6EB0C0FC8CD1}\mpengine.dll
2011-05-29 12:37 . 2011-05-29 12:37	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2011-05-27 20:04 . 2011-05-27 20:04	1138440	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-20 14:31 . 2011-05-20 14:31	0	----a-w-	c:\users\Betina\AppData\Local\BITEE53.tmp
2011-05-11 07:44 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-07 22:58 . 2011-05-07 22:58	--------	d-----w-	c:\program files\DeadLine
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 07:29	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-30 21:20 . 2003-10-17 10:44	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-04-20 17:15 . 2010-11-24 21:04	307200	----a-w-	c:\windows\system32\TubeFinder.exe
2011-03-29 22:39 . 2011-03-29 22:39	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-03-10 16:12 . 2011-04-26 08:55	1161728	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-26 08:55	1136640	----a-w-	c:\windows\system32\mfc42.dll
2010-07-08 08:27 . 2010-07-08 08:27	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-01-17 14:54	175912	----a-w-	c:\program files\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44	1400712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-10-18 15:28	1485112	----a-r-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-04-22 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 6111232]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-06-03 36864]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-03-26 1093632]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-04-30 273544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-11-16 268800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-12 21:45	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Betina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DarkGameX-Mt2_updater.exe.lnk]
path=c:\users\Betina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DarkGameX-Mt2_updater.exe.lnk
backup=c:\windows\pss\DarkGameX-Mt2_updater.exe.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Betina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Discounter Planer.lnk]
path=c:\users\Betina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Discounter Planer.lnk
backup=c:\windows\pss\Discounter Planer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57	948672	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-08 08:27	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 08:42	2156368	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 19:41	1242448	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca60c0ed3ae7aa;Google Update Service (gupdate1ca60c0ed3ae7aa);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-12-12 28464]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-08 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-04 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-04 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-04 63328]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-04-03 229376]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkHDMIService;RtkHDMIService;c:\windows\RtkAudioService.exe [2008-04-29 98304]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-09 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-04-24 411488]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-30 17408]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 59435856
*NewlyCreated* - 80753155
*Deregistered* - 59435856
*Deregistered* - 80753155
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 22:15]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 22:15]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568539066-3826537632-3725692582-1000Core.job
- c:\users\Betina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-09 13:42]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568539066-3826537632-3725692582-1000UA.job
- c:\users\Betina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-09 13:42]
.
2011-06-04 c:\windows\Tasks\Norton Security Scan for Betina.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-17 08:48]
.
2011-06-04 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-11-04 07:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://92.51.137.94/objects/NpFv522.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-05 18:16
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-05  18:19:20
ComboFix-quarantined-files.txt  2011-06-05 16:19
.
Vor Suchlauf: 15 Verzeichnis(se), 139.941.777.408 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 140.049.772.544 Bytes frei
.
- - End Of File - - F63AB021998DCFDBF03FA5D0C3804050
         
--- --- ---

06.06.2011, 20:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
[2011.06.05 01:52:06 | 000,000,160 | ---- | C] () -- C:\ProgramData\~31645432r
[2011.06.05 01:52:06 | 000,000,136 | ---- | C] () -- C:\ProgramData\~31645432
[2011.06.04 23:01:40 | 000,000,400 | ---- | C] () -- C:\ProgramData\31645432
[2011.06.04 22:53:38 | 000,000,120 | ---- | C] () -- C:\Users\Betina\AppData\Local\Bjefutodigip.dat
[2011.06.04 22:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Betina\AppData\Local\Ljutatuxofum.bin
[2011.04.11 18:24:23 | 000,000,136 | ---- | C] () -- C:\ProgramData\~43966216r
[2011.04.11 18:24:23 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43966216
[2011.04.11 18:23:40 | 000,000,336 | ---- | C] () -- C:\ProgramData\43966216
[2010.11.04 11:49:39 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

06.06.2011, 21:14   #15
Hilfe2011

========== OTL ==========
C:\ProgramData\~31645432r moved successfully.
C:\ProgramData\~31645432 moved successfully.
C:\ProgramData\31645432 moved successfully.
C:\Users\Betina\AppData\Local\Bjefutodigip.dat moved successfully.
C:\Users\Betina\AppData\Local\Ljutatuxofum.bin moved successfully.
C:\ProgramData\~43966216r moved successfully.
C:\ProgramData\~43966216 moved successfully.
C:\ProgramData\43966216 moved successfully.
C:\Windows\System32\CleanMFT32.exe moved successfully.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_221258
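
A cross-check of the fix script against the result log posted after it, as an added example that is not part of the original thread and not OTL's own code: it lists every item named under `:OTL` that the log does not confirm as moved or deleted. The function names are hypothetical, the two line shapes handled are only the ones seen in this thread, and `RESULT_MANGLED` is a constructed variant in which the characters `:D` are missing from a stream name.

```python
import re

# Fix script and result log lines as they appear in this thread.
FIX_SCRIPT = r"""
:OTL
[2011.06.05 01:52:06 | 000,000,160 | ---- | C] () -- C:\ProgramData\~31645432r
[2011.06.05 01:52:06 | 000,000,136 | ---- | C] () -- C:\ProgramData\~31645432
[2011.06.04 23:01:40 | 000,000,400 | ---- | C] () -- C:\ProgramData\31645432
[2011.06.04 22:53:38 | 000,000,120 | ---- | C] () -- C:\Users\Betina\AppData\Local\Bjefutodigip.dat
[2011.06.04 22:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Betina\AppData\Local\Ljutatuxofum.bin
[2011.04.11 18:24:23 | 000,000,136 | ---- | C] () -- C:\ProgramData\~43966216r
[2011.04.11 18:24:23 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43966216
[2011.04.11 18:23:40 | 000,000,336 | ---- | C] () -- C:\ProgramData\43966216
[2010.11.04 11:49:39 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
"""

RESULT_LOG = r"""
========== OTL ==========
C:\ProgramData\~31645432r moved successfully.
C:\ProgramData\~31645432 moved successfully.
C:\ProgramData\31645432 moved successfully.
C:\Users\Betina\AppData\Local\Bjefutodigip.dat moved successfully.
C:\Users\Betina\AppData\Local\Ljutatuxofum.bin moved successfully.
C:\ProgramData\~43966216r moved successfully.
C:\ProgramData\~43966216 moved successfully.
C:\ProgramData\43966216 moved successfully.
C:\Windows\System32\CleanMFT32.exe moved successfully.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Constructed variant: the stream name has lost the characters ":D".
RESULT_MANGLED = RESULT_LOG.replace("TEMP:D1B5B4F1", "TEMP1B5B4F1")

# Item lines under :OTL, in the two shapes used in this thread.
FILE_ITEM = re.compile(r"^\[[^\]]*\]\s*\(.*?\)\s*--\s*(?P<path>.+)$")
ADS_ITEM = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")

# Confirmation lines in the result log.
ADS_DELETED = re.compile(r"^ADS (?P<path>.+) deleted successfully\.$")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")


def script_targets(script):
    """Return the paths listed under the :OTL directive, in script order."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()      # ":otl", ":commands", ...
            continue
        if section != ":otl":
            continue
        m = FILE_ITEM.match(line) or ADS_ITEM.match(line)
        if m:
            targets.append(m.group("path").strip())
    return targets


def confirmed_paths(result_log):
    """Return lower-cased paths the log's OTL section reports as handled."""
    confirmed, section = set(), None
    for raw in result_log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).upper()
            continue
        if section != "OTL":            # skip COMMANDS output such as the hosts reset
            continue
        m = ADS_DELETED.match(line) or MOVED.match(line)
        if m:
            confirmed.add(m.group("path").lower())
    return confirmed


def unconfirmed(script, result_log):
    """Script targets with no matching confirmation (Windows paths: case-insensitive)."""
    done = confirmed_paths(result_log)
    return [p for p in script_targets(script) if p.lower() not in done]


if __name__ == "__main__":
    print("intact log, unconfirmed:", unconfirmed(FIX_SCRIPT, RESULT_LOG))
    print("mangled log, unconfirmed:", unconfirmed(FIX_SCRIPT, RESULT_MANGLED))
```
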
