| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sicherheitscenter wird automatisch deaktiviert und Google leitet weiter...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.08.2011, 00:58
| #1 |
 |  Sicherheitscenter wird automatisch deaktiviert und Google leitet weiter... Auf meinem Laptop gibt es paar Problem zum Beispiel: *Der Google leitet auf "Goingonearth" weiter! *Sicherheitcenter wenn ich aktiviere (von Dienste) deaktiviert er sich automatisch wieder nach 2-3 sek. *Windows-Defender wenn ich öffne schließt sich schnell. |
|
01.08.2011, 11:04
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Sicherheitscenter wird automatisch deaktiviert und Google leitet weiter... Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
01.08.2011, 13:55
| #3 |
| | Sicherheitscenter wird automatisch deaktiviert und Google leitet weiter... Malwarebytes Log:
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7326
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
01.08.2011 14:00:01
mbam-log-2011-08-01 (14-00-01).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 401507
Laufzeit: 50 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter OTL logfile created on: 01.08.2011 14:02:28 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Engin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 61,72% Memory free 7,81 Gb Paging File | 6,24 Gb Available in Paging File | 79,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,22 Gb Total Space | 231,34 Gb Free Space | 81,11% Space Free | Partition Type: NTFS Drive D: | 12,68 Gb Total Space | 12,33 Gb Free Space | 97,28% Space Free | Partition Type: NTFS Computer Name: ENGIN-PC | User Name: Engin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Engin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.) PRC - C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) ========== Modules (SafeList) ========== MOD - C:\Users\Engin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (DynDNS Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (AVFSFilter) -- C:\Windows\SysNative\drivers\avfsfilter.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://hp-notebook.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 F3 99 0F 9E E3 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.22 21:00:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.23 09:15:58 | 000,000,000 | ---D | M] [2011.04.20 19:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Engin\AppData\Roaming\mozilla\Extensions [2011.04.20 19:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Engin\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com [2011.07.13 18:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\6fiykbv2.Server2Go\extensions [2011.07.13 18:50:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\6fiykbv2.Server2Go\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.13 18:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\eoymnwv8.Server2Go\extensions [2011.07.13 18:50:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\eoymnwv8.Server2Go\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.10 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\hdeqnhko.default\extensions [2010.07.29 16:24:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\hdeqnhko.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.01 20:51:49 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\hdeqnhko.default\extensions\de_DE@dicts.j3e.de [2011.07.22 20:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\in4ml7ho.default\extensions [2011.07.13 18:50:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\in4ml7ho.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.22 20:41:35 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Engin\AppData\Roaming\mozilla\Firefox\Profiles\in4ml7ho.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} [2011.01.11 22:44:04 | 000,002,071 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\hdeqnhko.default\searchplugins\absearch-search.xml [2011.01.27 15:08:08 | 000,002,059 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\hdeqnhko.default\searchplugins\daemon-search.xml [2011.06.17 17:05:13 | 000,000,950 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\hdeqnhko.default\searchplugins\icqplugin-3.xml [2010.09.16 20:17:06 | 000,000,950 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\hdeqnhko.default\searchplugins\icqplugin-4.xml [2010.10.20 21:53:28 | 000,000,950 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\hdeqnhko.default\searchplugins\icqplugin-5.xml [2010.10.22 14:08:30 | 000,000,950 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\hdeqnhko.default\searchplugins\icqplugin-6.xml [2010.07.09 17:37:19 | 000,000,947 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\hdeqnhko.default\searchplugins\icqplugin.xml [2011.07.22 21:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.08.28 00:07:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.22 14:20:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.03 14:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.04 21:08:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.18 20:25:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\ENGIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDEQNHKO.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\ENGIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDEQNHKO.DEFAULT\EXTENSIONS\FURNICHECK@HABBOTIMES.NET.XPI [2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2011.01.11 22:38:28 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.24 10:04:17 | 000,000,722 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 74.53.201.162 O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org O1 - Hosts: 127.0.0.1 188.165.234.50 O1 - Hosts: 127.0.0.1 209.160.22.33 O1 - Hosts: 127.0.0.1 38.117.98.208127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - Reg Error: Value error. File not found O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [shockwave.exe] C:\Users\Engin\AppData\Roaming\Microsoft\Protect\Credentials\shockwave.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Engin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Engin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.01 13:09:26 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Engin\Desktop\OTL.exe [2011.07.30 14:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nLite [2011.07.29 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2011.07.29 15:53:20 | 000,000,000 | ---D | C] -- C:\xampp [2011.07.26 21:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.07.26 20:50:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011.07.26 20:44:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.26 20:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.26 20:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.26 20:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.24 20:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.24 20:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.07.24 15:22:59 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS [2011.07.24 15:20:01 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT [2011.07.24 00:54:51 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\Malwarebytes [2011.07.24 00:50:52 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.24 00:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2011.07.24 00:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2011.07.24 00:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2011.07.24 00:19:01 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\Fighters [2011.07.23 10:43:34 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Web-X Tv Pro v1.1 [2011.07.23 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\Avira [2011.07.23 10:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.07.23 10:31:47 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.23 10:31:47 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.07.23 10:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.07.23 10:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.07.21 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\Template [2011.07.21 21:58:02 | 000,000,000 | ---D | C] -- C:\Users\Engin\Documents\CyberLink [2011.07.19 16:55:47 | 000,000,000 | ---D | C] -- C:\Users\Engin\Privat [2011.07.16 10:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.07.15 11:51:18 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Local\fabi.me [2011.07.15 10:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal [2011.07.15 10:06:01 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [2011.07.13 18:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.07.13 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plasmoo [2011.07.08 18:44:25 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\Startup [2011.07.07 13:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies [2011.07.07 13:07:40 | 000,000,000 | ---D | C] -- C:\Users\Engin\AppData\Roaming\muvee Technologies [1 C:\Users\Engin\*.tmp files -> C:\Users\Engin\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.01 13:09:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Engin\Desktop\OTL.exe [2011.08.01 12:13:45 | 000,023,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.01 12:13:45 | 000,023,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.01 12:06:06 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Vogrgxtin.job [2011.08.01 12:06:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.01 12:05:55 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys [2011.07.30 20:34:10 | 000,776,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.30 20:34:10 | 000,729,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.30 20:34:10 | 000,175,984 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.30 20:34:10 | 000,147,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.30 20:33:45 | 000,000,023 | ---- | M] () -- C:\Windows\ODBCINST.INI [2011.07.30 20:29:57 | 001,855,846 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.26 20:44:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.26 19:43:33 | 000,058,771 | ---- | M] () -- C:\Windows\diagerr.xml [2011.07.26 19:43:33 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2011.07.26 19:23:29 | 001,826,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.25 14:35:00 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini [2011.07.24 20:30:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.07.24 10:14:22 | 000,001,416 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2011.07.23 23:03:42 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.23 23:03:42 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.07.23 10:31:56 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.07.23 10:28:28 | 000,001,020 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk [2011.07.23 09:51:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2011.07.22 21:18:38 | 000,066,048 | RHS- | M] () -- C:\Windows\SysWow64\setupcln6.dll [2011.07.22 21:00:28 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.07.21 22:00:53 | 000,000,000 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\wklnhst.dat [2011.07.17 11:26:47 | 000,008,704 | ---- | M] () -- C:\Users\Engin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.15 21:57:11 | 004,936,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.10 00:01:23 | 001,107,874 | -H-- | M] () -- C:\Users\Engin\AppData\Roaming\Enginlog.dat [2011.07.08 18:44:34 | 000,058,141 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Engin3SQLite3.dll [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Users\Engin\*.tmp files -> C:\Users\Engin\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.30 16:21:57 | 000,001,003 | ---- | C] () -- C:\Users\Engin\Desktop\CCleaner.lnk [2011.07.26 20:44:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.24 22:30:19 | 000,000,147 | ---- | C] () -- C:\Windows\wininit.ini [2011.07.24 20:21:00 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.07.24 15:18:34 | 000,058,771 | ---- | C] () -- C:\Windows\diagerr.xml [2011.07.24 15:18:34 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2011.07.24 10:10:04 | 000,001,416 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2011.07.23 10:31:56 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.07.23 09:51:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2011.07.22 21:18:38 | 000,066,048 | RHS- | C] () -- C:\Windows\SysWow64\setupcln6.dll [2011.07.22 21:18:38 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\Vogrgxtin.job [2011.07.22 21:00:28 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.07.22 21:00:28 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.07.21 22:00:53 | 000,000,000 | ---- | C] () -- C:\Users\Engin\AppData\Roaming\wklnhst.dat [2011.07.08 18:44:34 | 000,058,141 | ---- | C] () -- C:\Users\Engin\AppData\Roaming\Engin3SQLite3.dll [2011.06.20 21:30:38 | 000,001,854 | ---- | C] () -- C:\Users\Engin\AppData\Roaming\GhostObjGAFix.xml [2011.06.18 23:54:11 | 000,404,753 | ---- | C] () -- C:\Users\Engin\AppData\Local\TempEngin-PC [2011.05.14 16:08:32 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2011.01.15 01:08:10 | 000,001,471 | ---- | C] () -- C:\Users\Engin\AppData\Local\RecConfig.xml [2010.10.25 20:41:07 | 000,000,600 | ---- | C] () -- C:\Users\Engin\AppData\Local\PUTTY.RND [2010.07.06 14:07:02 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.06.29 19:15:30 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.06.29 15:41:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2010.06.29 15:40:32 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.06.29 15:40:11 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.05.22 10:02:00 | 000,008,704 | ---- | C] () -- C:\Users\Engin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.30 20:18:16 | 000,005,080 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh [2010.04.11 19:09:25 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.04.11 18:55:43 | 001,855,846 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.04.08 17:44:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.11.09 15:13:36 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2009.11.05 02:28:57 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2009.11.05 02:28:57 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.08.27 18:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.27 18:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.27 18:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.27 18:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2005.09.15 08:16:27 | 001,107,874 | -H-- | C] () -- C:\Users\Engin\AppData\Roaming\Enginlog.dat ========== LOP Check ========== [2011.01.15 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Activision [2010.10.22 13:25:55 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\AnvSoft [2011.02.08 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Auslogics [2010.08.06 22:57:27 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Avnex [2011.06.18 19:10:47 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\BitTorrent [2011.01.06 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\C__Users_Engin_AppData_Local_Temp_Rar$EX00.966_RealHideIP.exe [2010.10.22 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DAEMON Tools Lite [2010.06.06 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DeepBurner Pro [2011.07.29 13:57:10 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DVDVideoSoft [2010.12.25 13:23:15 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.11 20:57:36 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FacebookHackerPro [2010.09.12 16:43:43 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FAlterSoft [2011.07.26 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Fighters [2011.08.01 01:06:43 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FileZilla [2011.01.03 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FreeHideIP [2011.03.13 17:03:06 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\GetRightToGo [2010.10.29 23:17:22 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\gtk-2.0 [2011.01.12 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Gutscheinmieze [2010.06.30 15:16:49 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Hardcore [2010.08.09 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Juce VST Host [2011.06.24 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\MAGIX [2010.04.30 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\MOVAVI [2010.08.08 20:58:21 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\MSNRecorderMax [2011.07.07 13:09:11 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\muvee Technologies [2010.06.13 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Notepad++ [2010.10.30 17:41:29 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Nvu [2010.09.12 19:54:29 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\OpenCandy [2010.12.31 00:06:09 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Opera [2011.03.29 17:37:36 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\PC Suite [2010.12.07 19:01:52 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\PCFix [2010.07.02 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\PoiZone [2010.07.02 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Sakura [2010.07.02 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Sawer [2010.11.18 00:04:33 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Scribus [2011.07.23 09:47:53 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Startup [2010.08.28 16:10:10 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Synthesia [2010.12.30 20:01:15 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\TeamViewer [2011.07.21 22:00:54 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Template [2010.04.25 10:58:42 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Tific [2010.10.13 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\TS3Client [2011.03.31 18:38:51 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\TuneUp Software [2010.12.02 19:35:20 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Web Page Maker [2011.07.24 12:17:41 | 000,000,000 | RHSD | M] -- C:\Users\Engin\AppData\Roaming\WinDir [2011.03.16 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\_MDLogs [2011.07.26 21:55:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.08.01 12:06:06 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\Vogrgxtin.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.15 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Activision [2011.06.21 15:11:49 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Adobe [2010.10.18 15:13:07 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Ahead [2010.10.22 13:25:55 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\AnvSoft [2011.05.28 20:41:39 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Apple Computer [2011.02.08 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Auslogics [2011.07.23 10:36:18 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Avira [2010.08.06 22:57:27 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Avnex [2011.06.18 19:10:47 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\BitTorrent [2011.02.07 21:12:42 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\CyberLink [2011.01.06 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\C__Users_Engin_AppData_Local_Temp_Rar$EX00.966_RealHideIP.exe [2010.10.22 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DAEMON Tools Lite [2010.06.06 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DeepBurner Pro [2010.05.23 13:58:31 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DivX [2011.07.29 13:57:10 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DVDVideoSoft [2010.12.25 13:23:15 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.11 20:57:36 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FacebookHackerPro [2010.09.12 16:43:43 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FAlterSoft [2011.07.26 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Fighters [2011.08.01 01:06:43 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FileZilla [2011.01.03 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\FreeHideIP [2011.03.13 17:03:06 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\GetRightToGo [2011.04.11 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Google [2010.10.29 23:17:22 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\gtk-2.0 [2011.01.12 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Gutscheinmieze [2010.06.30 15:16:49 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Hardcore [2011.03.18 18:26:33 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Hewlett-Packard [2011.03.17 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\HP Support Assistant [2011.03.17 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\hpqlog [2011.03.17 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\HpUpdate [2010.04.07 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Identities [2010.08.09 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Juce VST Host [2010.04.07 23:00:56 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Macromedia [2011.06.24 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\MAGIX [2011.07.24 00:54:51 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Malwarebytes [2009.11.05 11:21:14 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Media Center Programs [2011.07.21 22:00:53 | 000,000,000 | RHSD | M] -- C:\Users\Engin\AppData\Roaming\Microsoft [2010.04.30 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\MOVAVI [2010.04.07 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Mozilla [2010.08.08 20:58:21 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\MSNRecorderMax [2011.07.07 13:09:11 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\muvee Technologies [2010.10.18 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Nero [2010.06.13 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Notepad++ [2010.10.30 17:41:29 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Nvu [2010.09.12 19:54:29 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\OpenCandy [2010.12.31 00:06:09 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Opera [2011.03.29 17:37:36 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\PC Suite [2010.12.07 19:01:52 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\PCFix [2010.07.02 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\PoiZone [2010.07.02 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Sakura [2010.07.02 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Sawer [2010.11.18 00:04:33 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Scribus [2011.01.11 19:51:56 | 000,000,000 | RH-D | M] -- C:\Users\Engin\AppData\Roaming\SecuROM [2010.10.12 10:28:21 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Skype [2010.10.09 11:23:35 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\skypePM [2011.07.23 09:47:53 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Startup [2010.08.28 16:10:10 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Synthesia [2010.10.03 21:30:06 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\teamspeak2 [2010.12.30 20:01:15 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\TeamViewer [2011.07.21 22:00:54 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Template [2010.04.25 10:58:42 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Tific [2010.10.13 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\TS3Client [2011.03.31 18:38:51 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\TuneUp Software [2011.06.21 14:06:56 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\vlc [2010.12.02 19:35:20 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\Web Page Maker [2011.07.24 12:17:41 | 000,000,000 | RHSD | M] -- C:\Users\Engin\AppData\Roaming\WinDir [2010.04.11 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\WinRAR [2011.03.16 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\Engin\AppData\Roaming\_MDLogs < %APPDATA%\*.exe /s > [2011.04.11 20:57:49 | 003,182,080 | ---- | M] (Google) -- C:\Users\Engin\AppData\Roaming\FacebookHackerPro\Facebook Hacker Pro Installer\1.0.0.0\TSetup.exe [2011.04.11 20:57:52 | 000,370,176 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Google\Google Bar\1.0.0.0\setup.exe [2010.06.10 15:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Engin\AppData\Roaming\Gutscheinmieze\uninstall.exe [2010.07.29 17:29:47 | 002,568,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Engin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2011.06.18 19:05:20 | 000,000,000 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\Microsoft\Protect\Credentials\shockwave.exe [2010.09.12 19:54:30 | 000,331,304 | ---- | M] () -- C:\Users\Engin\AppData\Roaming\OpenCandy\OpenCandy_362D42693EEE428DBB224026E3C26007\DLMgr_3_1.6.44.exe [2010.03.05 23:42:26 | 004,004,928 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Engin\AppData\Roaming\OpenCandy\OpenCandy_362D42693EEE428DBB224026E3C26007\registrybooster(9).exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll [2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.07.22 21:18:38 | 000,066,048 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\setupcln6.dll < End of report > |
|
01.08.2011, 14:12
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitscenter wird automatisch deaktiviert und Google leitet weiter... Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
Textbox.
.
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! 
Linear-Darstellung
