
Pests of All Kinds and How to Combat Them: Virus Anti Malware Doktor, how do I verify that it was completely removed?

15.06.2010, 14:58   #1
Bilal1988
 



Hello Marvin_1980,

I had exactly the same problem as you, so I also installed Malwarebytes' Anti-Malware. On my machine the virus seems to be gone, at least I no longer see anything in the taskbar, but somehow I can no longer open my Internet Explorer: when I open it, there is just a white, empty screen. I can only get on the internet with Firefox. Can someone please, please help me???

15.06.2010, 16:28   #2
Larusso
/// Selecta Jahrusso
 





A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If problems arise, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Post the log files directly in your thread. Do not attach them unless I ask you to. Attachments make the analysis harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the contents into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


Please post in your next reply
OTL.txt
Extras.txt

15.06.2010, 17:40   #3
Bilal1988
 



OTL Logfile:
Code:
OTL logfile created on: 15.06.2010 18:34:38 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Bilal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 278,53 Gb Free Space | 62,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BILAL-PC
Current User Name: Bilal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Downloads\OTL.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.26 10:20:22 | 000,056,680 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010.05.07 16:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.01.29 15:42:51 | 000,105,616 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Home\Meine Software\meine software.exe
PRC - [2010.01.28 23:34:01 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe
PRC - [2008.06.03 18:36:24 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2008.05.29 22:41:50 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.11 15:55:48 | 000,937,984 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.28 16:12:14 | 000,330,240 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe
PRC - [2007.08.24 08:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.08.24 04:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.02.12 15:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.07 19:25:42 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010.01.25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.02 22:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.05.30 20:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2005.09.29 19:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57300
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {4b897551-0a2b-4159-99e7-3cd721caec78}:2.5.8.6
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.28 17:50:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.13 22:26:23 | 000,000,000 | ---D | M]
 
[2010.01.26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Extensions
[2010.06.15 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions
[2010.06.15 14:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.01 18:44:24 | 000,000,000 | ---D | M] (References.TV Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{4b897551-0a2b-4159-99e7-3cd721caec78}
[2010.03.10 16:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.04.22 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\firefox@tvunetworks.com
[2010.06.15 14:10:40 | 000,001,819 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\bing.xml
[2010.06.07 19:20:35 | 000,000,873 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\conduit.xml
[2010.06.15 14:11:01 | 000,000,950 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin-1.xml
[2010.06.09 20:50:47 | 000,000,947 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin.xml
[2010.06.07 19:22:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meine software.lnk = C:\Programme\T-Home\Meine Software\meine software.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell - "" = AutoRun
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.15 15:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Uniblue
[2010.06.15 15:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.15 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Malwarebytes
[2010.06.15 14:58:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.15 14:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.15 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Local\Windows Server
[2010.06.15 13:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Bilal\AppData\Roaming\lowsec
[2010.06.15 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03
[2010.06.07 19:38:43 | 000,000,000 | ---D | C] -- C:\Programme\phenomedia
[2010.06.07 19:25:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.06.07 19:25:43 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.06.07 19:25:43 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.06.07 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software
[2010.06.07 19:25:02 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.06.07 19:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.06.07 19:24:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.07 19:23:42 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_MOTION.TMP
[2010.06.07 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Bilal\CyberLink
[2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\CyberLink
[2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ARADump
[2010.06.07 19:23:35 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_ROTATE_SLIDE.TMP
[2010.06.07 19:22:32 | 000,000,000 | ---D | C] -- C:\Programme\Search Settings
[2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar
[2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter
[2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Programme\Free Video Converter
[2010.06.07 19:20:25 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.06.07 19:20:23 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.07 19:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.06.07 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\AllDup
[2010.06.07 19:10:26 | 002,344,880 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.2.1.ocx
[2010.06.07 19:10:26 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\System32\TList8.ocx
[2010.06.07 19:10:26 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx
[2010.06.07 19:10:26 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx
[2010.06.07 19:10:26 | 000,085,696 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSplitter.ocx
[2010.06.07 19:10:26 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSubclass.dll
[2010.06.07 19:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup
[2010.06.07 19:10:25 | 000,000,000 | ---D | C] -- C:\Programme\AllDup
[2010.06.07 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Desktop\Download Programme
[2010.05.31 21:15:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.05.31 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.20 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2010.05.20 18:27:52 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT
[2010.05.20 18:27:39 | 000,000,000 | ---D | C] -- C:\Programme\OXXOGames
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.25 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ICQ
[2010.04.20 22:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.08 16:49:14 | 000,000,000 | ---D | C] -- C:\Programme\Games_Bar_1
[2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0
[2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.thumbnails
[2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\gegl-0.0
[2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.gimp-2.6
[2010.04.04 11:44:05 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.04.03 10:23:44 | 000,000,000 | ---D | C] -- C:\Programme\Wise Disk Cleaner
[2010.04.03 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2010.04.03 10:15:02 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2010.02.15 19:56:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.15 18:36:03 | 003,145,728 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT
[2010.06.15 18:21:42 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.06.15 18:20:45 | 000,007,592 | ---- | M] () -- C:\Users\Bilal\AppData\Local\d3d9caps.dat
[2010.06.15 18:20:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.15 18:20:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 18:20:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 18:20:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.15 18:20:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.15 18:20:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.15 17:50:22 | 000,524,288 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 17:50:22 | 000,065,536 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 17:50:11 | 003,262,813 | -H-- | M] () -- C:\Users\Bilal\AppData\Local\IconCache.db
[2010.06.15 16:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.14 23:50:29 | 000,003,162 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\wklnhst.dat
[2010.06.14 23:50:27 | 000,010,540 | ---- | M] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx
[2010.06.14 19:33:47 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job
[2010.06.14 10:30:52 | 003,951,960 | ---- | M] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3
[2010.06.13 21:24:58 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job
[2010.06.13 10:45:37 | 000,462,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.08 09:24:37 | 000,142,976 | ---- | M] () -- C:\Users\Bilal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.07 19:49:27 | 000,091,136 | ---- | M] () -- C:\Users\Bilal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.07 11:52:10 | 000,001,398 | ---- | M] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk
[2010.06.07 11:49:55 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.06.07 11:44:57 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.31 21:00:13 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.05.31 21:00:11 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.24 10:14:21 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.24 10:14:21 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.24 10:14:21 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.24 10:14:21 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.24 10:14:21 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.13 22:26:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.04.11 18:43:40 | 000,086,016 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx
[2010.04.04 11:50:49 | 000,000,856 | ---- | M] () -- C:\Users\Bilal\.recently-used.xbel
[2010.03.25 10:33:44 | 000,171,752 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx
[2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.14 23:50:27 | 000,010,540 | ---- | C] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx
[2010.06.14 10:30:51 | 003,951,960 | ---- | C] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3
[2010.06.07 11:49:54 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.06.07 11:44:57 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.31 21:00:13 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.05.31 21:00:13 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job
[2010.05.31 21:00:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.05.31 20:54:03 | 000,001,398 | ---- | C] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk
[2010.04.04 11:50:49 | 000,000,856 | ---- | C] () -- C:\Users\Bilal\.recently-used.xbel
[2010.04.03 10:15:21 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.01.30 10:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.23 19:08:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.01.23 19:08:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.24 12:14:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.15 19:45:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.06.12 08:50:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.11 13:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI
[2008.06.11 10:28:49 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2008.05.27 08:11:57 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.05.27 08:11:57 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.05.27 08:10:05 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.05.27 07:52:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.05.27 07:52:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.05.26 12:36:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.06.07 19:18:29 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\AllDup
[2008.07.26 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Buhl Data Service GmbH
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.15 15:05:35 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03
[2010.06.10 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter
[2010.04.04 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0
[2010.06.06 12:20:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\ICQ
[2008.10.15 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Leadertech
[2010.06.15 14:52:33 | 000,000,000 | -HSD | M] -- C:\Users\Bilal\AppData\Roaming\lowsec
[2008.12.02 17:42:11 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Red Alert 3
[2008.09.04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Samsung
[2010.01.26 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\T-Online
[2009.06.28 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\temp
[2008.08.10 10:15:10 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Template
[2010.06.07 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software
[2009.10.28 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Ulead Systems
[2010.06.15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Uniblue
[2010.06.15 17:50:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.15 18:21:42 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.06.14 19:33:47 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.05.26 14:52:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.06.15 18:20:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2008.05.27 07:54:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.05.27 07:54:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.15 18:20:26 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
[2010.01.26 19:32:49 | 000,000,427 | ---- | M] () -- C:\TO_InstallLog.txt
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
< End of report >
         

Alt 15.06.2010, 17:46   #4
Bilal1988
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.06.2010 18:41:59 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Bilal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 277,84 Gb Free Space | 62,33% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BILAL-PC
Current User Name: Bilal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E16DC47-D205-4C3F-B575-BD69BE5C16CB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9B16966D-8D48-4D35-8601-98813F9F374B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DC892DA5-1B13-4F97-890B-40A818A489CF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F5E728-7C20-4088-9576-4A7400E34F77}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe | 
"{0A972E19-4102-4028-8E9D-989761DE841D}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{10B40C44-9545-48F3-8E5B-8FFDF12B7920}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{1247EC03-416C-43A6-BE6A-DA79F59E2EF5}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{27504290-C2D5-43D7-B94A-B638F414C069}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{33DC2FEC-4BDF-4454-A991-C7FD4FB786D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{38675879-E6E3-4CCB-9152-1D81D6701139}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe | 
"{405BAA7A-5D76-4EA5-B643-1D7069FA3B1C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{40D7386A-4B92-4E77-9B8C-926493495229}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{4C86442F-D973-48D2-A31E-42FC69AD0907}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{5056AC5D-1262-484A-B44C-380F3D70AB34}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe | 
"{5D197E05-0E75-4803-B724-0A4852D2AF9E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5EBF3F45-9D4F-4692-8F8C-2C07CEB0CF65}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{5F8B1396-C3C8-41D8-A8A4-4688DEF88C03}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{6D546FAD-F735-45EB-9BA6-D701E211351D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{714F11E8-DD01-4C3B-B26E-34751DCBF7BE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{76F71244-D405-4542-906D-2A4095421B49}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{95A90A0B-10D7-4C98-A858-4D331C1D3B8C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9F6700FE-9205-4A77-9E8F-2166DC360AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ABCCEC0B-658B-41EF-B5FA-D2766587E4A7}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{B211E0F4-F5D4-4BD6-88B0-F93F66B08C5A}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe | 
"{B68CCB56-F9B4-4C94-AA56-277682AD988C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BB297C6B-2984-4D63-915D-664B6EE3F0AD}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{BEDA288E-57C3-45E6-91DA-CA5AAEEDD473}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{C28CA879-C5D7-4217-AEF5-223036E7413D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{C8F4645C-C31D-4A1A-ADD0-3BFAB47B6D06}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{CDF25EED-406E-44B4-8901-C3BF8E2DFB8C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{D95B8B97-B347-4567-9E0A-A3541876E324}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EA3E73CF-3AC5-4D59-A3E7-D842C9B48A3D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{F0B8CBBF-4E61-4F24-BD3F-601ED459024C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{FE4F939F-45A8-48EB-91C0-46F7A390AB2F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FF1A608B-4328-4B6A-AF40-92563505E0F2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"TCP Query User{2CF9C666-4609-466C-B8B9-0083A08AEB32}C:\users\bilal\desktop\pes2009.exe" = protocol=6 | dir=in | app=c:\users\bilal\desktop\pes2009.exe | 
"TCP Query User{6B1CE62E-075B-4EAF-9910-9908612B57D0}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"TCP Query User{A0CC8D63-ADE4-4744-9D10-4CB73EDCE181}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D911D2B7-B4D7-47E0-952D-7FCCFFEFCCE6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{EDBF380F-8505-4321-B131-36ED3EAEC327}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1470936D-AE4F-44FC-A8BA-3C936857A9C7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{1654793B-D1D3-4DF1-88E3-2793E9BD832C}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{26535369-06E8-4959-92E5-0728E8C65238}C:\users\bilal\desktop\pes2009.exe" = protocol=17 | dir=in | app=c:\users\bilal\desktop\pes2009.exe | 
"UDP Query User{63DEF288-96E6-4C05-9ED3-F1614922F8D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{D0B7033C-F79C-4020-BF05-71F60D075717}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{048DB452-C8B0-4A8D-89AF-84A6B149E1EE}" = Meine Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}" = SLOW-PCfighter
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AllDup_is1" = AllDup 3.0.2
"avast!" = avast! Antivirus
"Das Reich des Drachen" = Das Reich des Drachen
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video Converter_is1" = Free Video Converter V 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Games_Bar_1 Toolbar" = Games_Bar_1 Toolbar
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)
"Mystery P.I. – The Vegas Heist" = Mystery P.I. – The Vegas Heist
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SLOW-PCfighter" = SLOW-PCfighter
"Telekom Fotoservice" = Telekom Fotoservice
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.2
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 15.03.2010 18:43:21 | Computer Name = Bilal-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Bilal\AppData\Local\Google\Google Desktop\ea2e27f9b326\uinfo.dat failed,
 00000005.  
 
[ Application Events ]
Error - 25.05.2010 06:31:14 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2010 09:14:18 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2010 09:39:22 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0xbbc, Anwendungsstartzeit
 01cafc0f9926d380.
 
Error - 25.05.2010 09:49:09 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0x17f8, 
Anwendungsstartzeit 01cafc0fb004dc50.
 
Error - 25.05.2010 09:49:40 | Computer Name = Bilal-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18904 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1190  Anfangszeit: 01cafc0c26b63960  Zeitpunkt
 der Beendigung: 11
 
Error - 25.05.2010 15:26:04 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2010 16:54:07 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul IEShims.dll, Version 8.0.6001.18904, Zeitstempel
 0x4b8376f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e16,  Prozess-ID 0xcf0, 
Anwendungsstartzeit 01cafc4c6a802710.
 
Error - 26.05.2010 04:38:30 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.05.2010 06:42:17 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000675ff,  Prozess-ID 0x1304, Anwendungsstartzeit
 01cafcbedb1de620.
 
Error - 26.05.2010 09:18:58 | Computer Name = Bilal-PC | Source = ESENT | ID = 215
Description = wlcomm (5084) C:\Users\Bilal\AppData\Local\Microsoft\Windows Live 
Contacts\{20fc84b8-d7f6-4ee4-9ddf-76725d18ba40}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
[ System Events ]
Error - 15.06.2010 09:31:25 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 09:31:25 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 12:20:10 | Computer Name = Bilal-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
 
Error - 15.06.2010 12:20:10 | Computer Name = Bilal-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

15.06.2010, 20:00   #5
Larusso
/// Selecta Jahrusso
 



Step 1

Uninstall software with Revo Uninstaller

Please download Revo Uninstaller.
  • Double-click revosetup.exe.
  • Install the tool to the default path.
  • Double-click the Revo Uninstaller icon.
  • Now look for the following software from the code box.
    Code:
    Search Settings v1.2.3
    DVDVideoSoftTB Toolbar
    Dealio Toolbar
    Games Bar 1 Toolbar

    Click on it and confirm with Yes.
  • Leave the uninstall mode set to Moderate and click Next.
  • The tool will now search for all entries on the computer. Click Next.
  • Click the Select All button, click Delete and confirm with Yes.

Illustrated guide


Step 2

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes.
  • Install the program to the default path.
  • On Vista, remember to start the program as administrator; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Select "Perform quick scan" => Scan.
  • When the scan has finished, click "Show Results".
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise this system restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are selected and press "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Scan reports".
  • Report how the computer is running now.



Step 3
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell - "" = AutoRun
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
[2010.06.15 13:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Bilal\AppData\Roaming\lowsec
[2010.06.15 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03
[2010.06.07 19:22:32 | 000,000,000 | ---D | C] -- C:\Programme\Search Settings
[2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar
[2010.06.07 19:20:25 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.06.07 19:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.08 16:49:14 | 000,000,000 | ---D | C] -- C:\Programme\Games_Bar_1
:services
:files
:reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=Dword:00000000
"ProxyServer"=""
:Commands
[purity]
[emptytemp]
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • Click .
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.


Schritt 4

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
/md5start
user32.dll
ws2_32.dll
/md5stop
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread.


In your next reply, please post
Log from MBAM
Log from OTLFix
OTL.txt

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Edited by Larusso (15.06.2010 at 20:13)

Alt 15.06.2010, 21:36   #6
Bilal1988
 

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4201

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

15.06.2010 22:35:26
mbam-log-2010-06-15 (22-35-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132744
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Bilal\AppData\Local\Temp\scmroewnxa.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
