Cpu zu hoch = notebook viel langsamer geworden

thugtr1905 · 27.08.2012, 14:15

guten tag @ alle trojaner board user. ich habe seit einigen monaten ein problem mit meinem sony vaio VPCEJ aus irgendeinem grund ist mein cpu einfach viel zu hoch auch wenn ich nichts unternehme ist er bei 70-100 % ich habe schon versucht die prozesse nacheinander zu beenden um zu sehen was das problem ist leider kein ergebnis habe auch diverse antivierenprogramme durchlaufen lassen leider auch nichts gefunden und da ich keine so großen kenntnisse mit einem computer habe bitte ich um eure hilfe wie ich vorgehen könnte um das problem zu finden und dan zu beseitigen. ich hoffe mir wird hir geholfen. Vielen dank und lg

hatt niemand wirklich ein tipp ??.. bitte

kira · 28.08.2012, 08:02

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Hast du in der letzten Zeit:

Irgendwas an deinem System geändert?
Programme/Treiber/Spiele installiert,Update gezogen..etc - und waren die Quellen sicher?

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

thugtr1905 · 28.08.2012, 14:37

Hallo Zu aller erst Sehr vielen dank und danke für die ausführliche erklärung

Code:

ATTFilter

OTL logfile created on: 28.08.2012 15:18:37 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Cem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 48,12% Memory free
7,90 Gb Paging File | 5,47 Gb Available in Paging File | 69,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 296,62 Gb Free Space | 65,66% Space Free | Partition Type: NTFS
 
Computer Name: CEM-VAIO | User Name: Cem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cem\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Personalization Manager\VpmIfPav.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SystemStore) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (VBTUSB) -- C:\Windows\SysNative\drivers\VBTUSB.sys (Sony Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=130812_ppcs1_3312_5&babsrc=SP_ss&mntrId=8c655c45000000000000eeaf78c79fbd
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE455
IE - HKCU\..\SearchScopes\{6DF79594-B1FF-4841-A91C-A76464A981BB}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={B837E5A0-104E-4EC3-B622-FD3A15C6E531}&mid=1a218bf5b09147d0a059a9cd7a0c144e-fd14da3cf89db86c55c70c94fbaac5efc6024160&lang=de&ds=gh011&pr=sa&d=2012-04-04 22:14:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQGDag7sm&i=26
IE - HKCU\..\SearchScopes\{E6B9BE99-CE0D-43BC-833F-AA02F3AEBBA1}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..CT3197087.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cem\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cem\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cem\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.08.15 14:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.08.15 17:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.08.15 17:49:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.08.15 17:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.15 14:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.16 00:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.14 16:24:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Cem\AppData\Roaming\11016 [2012.04.20 15:53:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.15 17:50:13 | 000,000,000 | ---D | M]
 
[2012.08.15 17:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cem\AppData\Roaming\mozilla\Extensions
[2012.08.16 00:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cem\AppData\Roaming\mozilla\Firefox\Profiles\nyfmiz3l.default\extensions
[2012.08.16 00:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.16 00:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.04.20 15:53:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\CEM\APPDATA\ROAMING\11016
[2012.08.16 00:23:49 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NYFMIZ3L.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.08.09 01:28:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.09 20:49:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.04 22:14:44 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.15 15:00:55 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.09 20:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.09 20:49:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.09 20:49:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.09 20:49:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.09 20:49:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Cem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Cem\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: iNTERNET TURBO = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.15.10_0\
CHR - Extension: Web Assistant = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2012.06.15 23:26:20 | 000,614,287 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  am1.activemeter.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ad2games.com
O1 - Hosts: 16325 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09152F0B-739C-4DEC-A245-1AA8A37594F1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
O4 - HKCU..\Run: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\d3dy9jaqt.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4763B83E-DDAC-4D2F-8970-5D248C22E166}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33CBF99-1C0D-4ED4-BCB6-F7FFFD3EB0A1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22565~1.25\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8bfb4226-2cf3-11e1-b540-78843ce8fdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{8bfb4226-2cf3-11e1-b540-78843ce8fdbd}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{add1f591-a1bb-11e1-afde-ccaf78c79fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{add1f591-a1bb-11e1-afde-ccaf78c79fbe}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 15:16:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Cem\Desktop\OTL.exe
[2012.08.27 15:35:58 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.08.27 15:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.08.27 15:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.08.26 03:26:19 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Busta Rhymes - Year Of The Dragon (Album)
[2012.08.26 03:24:40 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Tamia - Beautiful Surprise (Album)-(2012)
[2012.08.25 17:49:43 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Ginuwine
[2012.08.25 15:32:40 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Nas
[2012.08.25 14:33:19 | 000,000,000 | -H-D | C] -- C:\Users\Cem\Desktop\IMG_0414.JPG.files
[2012.08.25 14:21:31 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\800AAAAA
[2012.08.25 01:49:10 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\Rockstar Games
[2012.08.25 01:49:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.08.19 14:42:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.18 17:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.08.18 17:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.08.18 14:33:14 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\SoftGrid Client
[2012.08.18 14:33:12 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\SoftGrid Client
[2012.08.18 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.08.18 14:32:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.08.18 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.08.18 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.08.18 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\TP
[2012.08.17 23:30:16 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\aaliyah
[2012.08.16 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Essential RnB Collection (2012)
[2012.08.16 17:49:51 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\channel ORANGE (Explicit Version)
[2012.08.16 16:14:55 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Trey Songz - Chapter V (Album)
[2012.08.16 00:30:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 00:30:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 00:30:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 00:30:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 00:30:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 00:30:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 00:30:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 00:30:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 00:30:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 00:30:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 00:30:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 00:30:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 00:30:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 00:17:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.16 00:17:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.16 00:17:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.16 00:17:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.16 00:17:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 00:17:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 00:17:10 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 00:17:06 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.15 22:31:20 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Magazeen - Anthology
[2012.08.15 21:37:22 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\DCIM
[2012.08.15 21:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.15 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.15 19:30:48 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Avira
[2012.08.15 19:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.15 19:21:15 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.15 19:21:15 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.15 19:21:15 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.15 19:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.15 19:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.15 17:52:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.08.15 17:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.08.15 15:01:34 | 000,000,000 | ---D | C] -- C:\Users\Cem\Start Menu
[2012.08.15 15:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.08.15 14:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.08.15 14:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.08.15 14:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software4u
[2012.08.15 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.08.15 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\iphone bilder
[2012.08.15 03:44:03 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\TXT
[2012.08.14 23:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Neuer Ordner (2)
[2012.08.14 20:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.14 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.14 20:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.14 20:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.08.12 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Octoshape
[2012.08.11 23:19:46 | 000,000,000 | ---D | C] -- C:\Users\Cem\amsn
[2012.08.11 23:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aMSN
[2012.08.11 23:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\aMSN
[2012.08.11 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Foxit Software
[2012.08.11 20:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.08.11 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.08.11 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.08.11 19:56:21 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.08.10 21:27:22 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{DD5BA8AE-5BD5-498C-BB8A-81CEA12F136E}
[2012.08.10 21:27:11 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{B2A9975A-7460-4A8F-8B6C-43875A5A343B}
[2012.08.10 18:05:11 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{8E3A3B28-6FDC-4FF7-B0A6-C20974B866CE}
[2012.08.10 18:05:00 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{1E0B80E1-7663-43F7-8758-5745BF5DAB77}
[2012.08.09 18:11:20 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{07594D09-DFA3-44BD-A44E-133D31FD9802}
[2012.08.09 18:11:07 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{855535C6-C7A8-40D0-B90C-3E04C6C5F5AC}
[2012.08.08 16:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{B4A27A27-1E83-4FB2-9843-2CC5B2D3321E}
[2012.08.08 16:42:15 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{51B81C72-7A98-49C8-9CF5-3803DFB2B042}
[2012.08.07 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{7A2ADD0C-507A-42E4-B56A-07E32DACB1EC}
[2012.08.07 20:20:29 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{DD5EB11C-81ED-4FA3-86C8-DA2BDF9C5B19}
[2012.08.06 18:58:46 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{6690BE1A-8F42-4A0A-B1BF-488DD8E13438}
[2012.08.06 18:58:35 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{23BE6CD6-3B22-470C-A291-C638F71E9E54}
[2012.08.05 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{DE66C31F-ED74-4B24-8DF7-85B3D7549AA1}
[2012.08.05 15:33:36 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{5F46B31E-2C12-4B5A-A6BD-FA61D39C5101}
[2012.08.05 00:20:08 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Babylon
[2012.08.05 00:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.05 00:18:21 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Free Windows Tuner
[2012.08.05 00:17:56 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\CRE
[2012.08.05 00:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.08.05 00:17:13 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\Conduit
[2012.08.04 23:30:47 | 000,000,000 | ---D | C] -- C:\Users\Cem\Documents\Sony PMB
[2012.08.04 23:22:41 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment
[2012.08.04 23:14:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.04 15:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{5A2F884E-74F7-4665-8D0E-BB6D81A9846F}
[2012.08.04 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{66CB2CBA-A74F-404D-93F6-6AF5BE5F4A86}
[2012.08.03 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{E57B875C-CDAC-4077-B5EF-E8D378B130D8}
[2012.08.03 15:37:44 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{C9DC614D-BD68-4E0E-A82B-035ABE8636BA}
[2012.07.30 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{E3106C89-7D14-4B1D-A758-BCA126AB6FE9}
[2012.07.30 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{D76B0945-B4EB-4054-89AD-6C4FD467E603}
[2012.07.29 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{7CA531A3-96B7-4236-A670-FB08D91CD240}
[2012.07.29 22:33:57 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{022CA167-087A-41CC-988D-B4223153C5A7}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Cem\AppData\Roaming\*.tmp files -> C:\Users\Cem\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 15:17:03 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000UA.job
[2012.08.28 15:16:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Cem\Desktop\OTL.exe
[2012.08.28 14:55:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000UA.job
[2012.08.28 14:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 14:31:06 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 14:23:37 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 14:23:37 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 14:17:59 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 14:16:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 14:16:38 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 21:20:12 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000Core.job
[2012.08.27 18:04:13 | 008,502,045 | ---- | M] () -- C:\Users\Cem\Desktop\Nas - Escobar - [MP3JUICES.COM].mp3
[2012.08.27 17:03:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000Core.job
[2012.08.27 15:35:58 | 000,001,007 | ---- | M] () -- C:\Users\Cem\Desktop\SpeedFan.lnk
[2012.08.27 15:35:57 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.08.26 03:16:09 | 003,457,540 | ---- | M] () -- C:\Users\Cem\Desktop\Wet My Whistle.mp3
[2012.08.25 22:59:17 | 006,072,218 | ---- | M] () -- C:\Users\Cem\Desktop\Red+Cafe-+Champagne+For+The+Pain+Feat.+Young+Jeezy+-whattupmyguy.com.mp3.mp3
[2012.08.22 00:56:30 | 000,002,439 | ---- | M] () -- C:\Users\Cem\Desktop\Google Chrome.lnk
[2012.08.21 14:14:37 | 001,645,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 14:14:37 | 000,708,408 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.21 14:14:37 | 000,661,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.21 14:14:37 | 000,153,604 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.21 14:14:37 | 000,125,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.19 17:22:36 | 001,672,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.18 14:33:01 | 000,002,461 | ---- | M] () -- C:\Users\Cem\Desktop\Microsoft Word Starter 2010.lnk
[2012.08.16 00:34:53 | 000,297,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 00:23:18 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.15 21:30:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.15 20:08:06 | 004,676,962 | ---- | M] () -- C:\Users\Cem\Desktop\Bobby+V+Ft+Magazeen-Whats+Your+Name.mp3.mp3
[2012.08.15 19:29:48 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.15 19:24:11 | 005,136,213 | ---- | M] () -- C:\Users\Cem\Desktop\James Fauntleroy - Idiot.mp3
[2012.08.15 19:16:33 | 002,710,927 | ---- | M] () -- C:\Users\Cem\Desktop\Joe -Street Dreams.mp3
[2012.08.15 19:02:43 | 005,923,225 | ---- | M] () -- C:\Users\Cem\Desktop\Keyshia Cole Ft. Nicki Minaj -I Aint Thru.mp3
[2012.08.15 18:04:03 | 000,001,161 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.08.15 15:01:28 | 000,000,765 | ---- | M] () -- C:\user.js
[2012.08.14 23:55:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.14 23:55:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 20:21:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.14 18:41:36 | 000,282,836 | ---- | M] () -- C:\test.xml
[2012.08.11 23:19:32 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\aMSN.lnk
[2012.08.11 20:58:50 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.08.11 19:56:21 | 000,001,264 | ---- | M] () -- C:\Users\Cem\Desktop\Revo Uninstaller.lnk
[2012.08.09 20:17:29 | 000,020,295 | -HS- | M] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Large.jpg
[2012.08.09 20:17:29 | 000,005,585 | -HS- | M] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Small.jpg
[2012.08.05 15:15:22 | 000,007,597 | ---- | M] () -- C:\Users\Cem\AppData\Local\Resmon.ResmonCfg
[2012.08.05 00:18:08 | 000,000,009 | ---- | M] () -- C:\END
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Cem\AppData\Roaming\*.tmp files -> C:\Users\Cem\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 18:03:46 | 008,502,045 | ---- | C] () -- C:\Users\Cem\Desktop\Nas - Escobar - [MP3JUICES.COM].mp3
[2012.08.27 15:35:58 | 000,001,007 | ---- | C] () -- C:\Users\Cem\Desktop\SpeedFan.lnk
[2012.08.27 15:35:57 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.08.26 03:15:59 | 003,457,540 | ---- | C] () -- C:\Users\Cem\Desktop\Wet My Whistle.mp3
[2012.08.25 22:59:03 | 006,072,218 | ---- | C] () -- C:\Users\Cem\Desktop\Red+Cafe-+Champagne+For+The+Pain+Feat.+Young+Jeezy+-whattupmyguy.com.mp3.mp3
[2012.08.18 14:43:35 | 000,002,461 | ---- | C] () -- C:\Users\Cem\Desktop\Microsoft Word Starter 2010.lnk
[2012.08.15 21:30:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.15 20:07:50 | 004,676,962 | ---- | C] () -- C:\Users\Cem\Desktop\Bobby+V+Ft+Magazeen-Whats+Your+Name.mp3.mp3
[2012.08.15 19:23:58 | 005,136,213 | ---- | C] () -- C:\Users\Cem\Desktop\James Fauntleroy - Idiot.mp3
[2012.08.15 19:21:24 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.15 19:13:42 | 004,229,713 | ---- | C] () -- C:\Users\Cem\Desktop\Daron_Jones_Feat_D4l_-_Dance_For_Me.mp3
[2012.08.15 19:06:36 | 002,710,927 | ---- | C] () -- C:\Users\Cem\Desktop\Joe -Street Dreams.mp3
[2012.08.15 19:02:28 | 005,923,225 | ---- | C] () -- C:\Users\Cem\Desktop\Keyshia Cole Ft. Nicki Minaj -I Aint Thru.mp3
[2012.08.15 15:00:13 | 000,001,161 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.08.15 14:58:57 | 000,000,765 | ---- | C] () -- C:\user.js
[2012.08.14 20:21:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.11 23:19:32 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\aMSN.lnk
[2012.08.11 20:58:50 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.08.11 19:56:21 | 000,001,264 | ---- | C] () -- C:\Users\Cem\Desktop\Revo Uninstaller.lnk
[2012.08.09 18:43:30 | 000,020,295 | -HS- | C] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Large.jpg
[2012.08.09 18:43:30 | 000,005,585 | -HS- | C] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Small.jpg
[2012.08.05 00:18:07 | 000,000,009 | ---- | C] () -- C:\END
[2012.05.21 16:49:05 | 000,007,597 | ---- | C] () -- C:\Users\Cem\AppData\Local\Resmon.ResmonCfg
[2012.05.03 16:26:19 | 000,017,408 | ---- | C] () -- C:\Users\Cem\AppData\Local\WebpageIcons.db
[2012.04.10 16:51:56 | 000,000,016 | ---- | C] () -- C:\Users\Cem\AppData\Roaming\blckdom.res
[2012.03.23 23:34:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.02.24 18:03:41 | 000,001,469 | ---- | C] () -- C:\Users\Cem\.recently-used.xbel
[2012.02.09 22:38:10 | 000,000,042 | ---- | C] () -- C:\Users\Cem\AppData\Roaming\TheHunterSettings_local.cfg
[2012.02.09 21:16:35 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012.02.09 21:16:35 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012.02.09 21:16:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012.02.09 20:34:14 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.01.13 02:30:57 | 000,000,355 | ---- | C] () -- C:\Users\Cem\Computer - Verknüpfung.lnk
[2012.01.03 20:55:46 | 000,000,091 | ---- | C] () -- C:\Users\Cem\AppData\Local\fusioncache.dat
[2011.03.30 03:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 03:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 03:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 01:03:27 | 001,672,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

Extras

Code:

ATTFilter

OTL Extras logfile created on: 28.08.2012 15:18:37 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Cem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 48,12% Memory free
7,90 Gb Paging File | 5,47 Gb Available in Paging File | 69,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 296,62 Gb Free Space | 65,66% Space Free | Partition Type: NTFS
 
Computer Name: CEM-VAIO | User Name: Cem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00862614-BB1F-49EA-A520-F30841D618A6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0E030334-CDDF-43DC-94EA-5269430F41A7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1297EEC3-F0C4-4C5B-97FD-8FD430BB7436}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{15B138F6-A4CB-4734-B54E-9D84C96ECB03}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C9C0C0C-0848-41CD-B7B5-CA8102FD5D70}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{1F8AEFCA-0A78-4C80-A83E-B45B78F0BBAD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2B89EABF-D3C7-4129-B104-FC555B83C83F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{392DEA36-1A3B-4050-A7E1-9702C316C2AD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3A2E61A2-A599-4452-90D4-99CF1BEB26B3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{455619B3-ED08-43B8-851E-B9C73D9FBF03}" = lport=445 | protocol=6 | dir=in | app=system | 
"{50BBDB99-B963-4F2D-ADDC-CBC7A028D4F4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{549C6195-A999-4B4F-9F5F-469EA37625BD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6450AEA8-DB9B-483B-9F63-01B53A0BECAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6871F73F-1D12-4064-A198-CDE0DDF089E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{69DE34AD-A201-4812-BC75-85ADC02AB3CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7010C207-6ABB-4B5B-9456-71C8DF192944}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7B0A040F-BB95-437F-A5FA-4A0D0704F28B}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe | 
"{7E99CC0F-CDFE-4B38-8070-6D62A6FCF9F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D3C0D21-082F-483C-A780-E51A16D368C9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{96001388-7267-44DB-A99C-E6368E6EA5E5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9891AA65-53D1-498D-B03F-EE20A5129342}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
"{A9210DD0-E2F5-426F-A338-6FAE8DD27261}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B5E28D4D-AA16-4C38-A91C-A5685406C977}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C376056A-FB94-462D-889A-6FCFF78F2020}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D8A12129-F690-4F61-8773-DE3D63D59E59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3B392EA-7214-4C22-828B-73E457ABDA99}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E4AF8BF1-029D-4E49-A299-21CE7EABEC75}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E841917F-543A-4D1E-BAAC-F0C32AF5D95B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EBA78659-9D6E-4B18-AECA-5EAE8814A760}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049FF5DA-AE98-4285-AF2A-BD75D5BC2820}" = dir=in | app=c:\users\cem\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{0BAC6C3B-5141-46F1-BAA4-44934170BD93}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{11624FD0-1534-4F50-817D-C675167DC0C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14F98C5F-911D-4536-9E70-AA52DA2B3474}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1534E54C-18A6-49F3-A132-B3E78A2D4B22}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{178F8665-3F0B-4996-A04B-E9B7C1A47776}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1C91ADB8-D09C-45C1-8166-4240A36B56A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{1E1B430D-A320-4395-92F4-05CDCA4CF586}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F1B6C7D-4AAB-4BA2-8BBF-14757C851A8C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{2F9F168E-2896-4E6B-8E8F-38360F2DFFBF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2FA0FA3B-7AAA-44E0-8075-6153CE9FCF2A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{30A04706-C3A9-4E40-8FBF-DB1242BF6B91}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{34B7FF5F-BAA2-428B-98EC-7DBE54B7434C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3512E039-C6ED-4CCA-A920-D00FCC724DD4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{368756D0-40F1-4375-8043-49557F11DC6C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{37893409-792C-4E6F-B1F8-838F23BBD901}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{39B53AD4-727D-4C13-94BE-CFD3D5EA73B4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{3DF192C7-FB96-4402-9D35-2096667D2DB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4A0A5CE0-54D7-40C3-A5EC-B5351295F25A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{52F872F6-7F44-4723-B14A-E6C40E239D89}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5AFDDC0E-FA52-4E15-A705-FB5EAE81786D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5D784F07-7F9E-4ADC-AEA9-573F535B4C41}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5D92D5C6-F94B-4012-8AE1-10157CA2030D}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe | 
"{60536484-6352-4061-9016-7AF720E2207A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6288F57E-E44D-4723-ADA6-34D15B595B03}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{671E9D95-4656-43ED-8295-40996FEDB292}" = protocol=6 | dir=out | app=system | 
"{696F0547-18DC-422D-A6E6-CC72908E6F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6D9EC7F7-11FC-4D7F-83E1-093C74EF6FB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6EB521C9-B32F-4E67-A5F2-C32E773AC8A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72C55D90-67BE-4D82-8C4D-03C239806260}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe | 
"{74854408-8D33-4DDC-8EF2-DF71D39247B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{75BBEA05-ECB3-40BA-A6EE-8E3ADE11253E}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{7A8DFC5C-8CEF-4E8F-A4DD-F6CE0DBA068D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{7A9F7AD9-0084-4358-9ADB-062313041E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\thehunter\game\thehunter.exe | 
"{7B87BCED-01B2-4037-8622-FC27C9938755}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{82CDC385-587F-420F-86BA-AC85E54FC900}" = protocol=6 | dir=in | app=c:\program files (x86)\thehunter\game\thehunter.exe | 
"{8382CE81-FBD8-4B60-A644-9E84E082FBE1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EE9DB1B-D300-4E39-AACA-469CC8AB308D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{93794BF5-3F5F-4CF7-8045-BFE848891C7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{93BEE314-ED5D-4495-B450-67A758705372}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
"{95F0E7BC-2C61-4913-90AE-AC289EE7E97D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC9FCB5C-7457-4BA4-A3D6-4E39DA7A5D85}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{ACAF2782-F6D3-49F5-9C87-95B7507BCD88}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
"{B4B397EE-09C7-4A06-A389-0F7466D23EE5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B5F7A057-866C-4B53-B9B0-DE2AD053ABB7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{BB28A829-1D68-48BE-87D8-4FA5FF473867}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C04456A5-8793-4AAD-8414-5C06A42E6364}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C18D7AE8-E9DB-4F78-950D-2F09E24F257C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C8BC4BA6-83F3-48FF-8ABB-355456E1DF82}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C91A3186-13C2-4B7E-98FF-3862B08076AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C9578C48-654F-4732-B6A7-C9769E9B6A40}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D6B71D93-244E-405D-9F6C-52F0D4E983E9}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{D999CFCB-27B1-4906-90DA-CE912B7B219E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D9B3DDA3-381C-45DF-A0EB-E59A44FD2689}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DE15C9CD-108B-40F5-9A21-A04B39ECA34B}" = protocol=6 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe | 
"{DF62CFEC-3FDF-4A04-A890-460972990096}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{E6D44898-F3CB-4000-8537-4F778C542C01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EBA1006D-300D-4199-ABD3-726667F0CAF7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ED2D01F4-3937-40EE-8039-750747C0E2D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F11AC9B7-9BE1-40E0-9103-72A912937BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe | 
"{F86E40B7-F7B6-4E1C-B2F9-600D93AA2954}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{FA87C2D1-C9AB-41DF-B8B4-CCFC1A13AB3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD807764-7B6F-440D-A79D-D756882F74A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1A33704C-685D-4329-B3FF-E3ACC7FA5C7D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{1B2FFACE-441B-4185-9CD3-E22DF033EB10}C:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe | 
"TCP Query User{5997B496-F69A-4977-A301-399C55ABA5F0}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe | 
"TCP Query User{5CCA414D-D864-492B-B337-93470E56BB23}C:\program files (x86)\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe | 
"TCP Query User{77C96C2A-DC87-4FA0-B50E-FB9EE0EE64C5}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe | 
"TCP Query User{79C20D2E-67E8-4FC6-A971-BAB889533565}C:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe | 
"TCP Query User{94DC45CB-1A19-4BCE-8263-518862DD31E3}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{9D9AFB8A-ED9E-4BD3-8414-A1BA35747FA1}C:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe | 
"TCP Query User{B0C0335C-6254-45C6-A95F-B5D851518C80}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{B317A527-DBD2-4581-8A27-8CA73D04EB94}C:\users\cem\desktop\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\cem\desktop\tinyumbrella-5.11.01.exe | 
"TCP Query User{B52B58FC-437C-428E-923C-C966085B227F}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe | 
"TCP Query User{D01F66ED-2D6E-4F85-9B11-7371F164247B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{F2F57854-07AF-497B-A9A3-8CEA3D867269}C:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{F9313D6A-559F-46E1-B53E-B83D1B09E328}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{3E418E72-DDDC-4B64-8D29-D3EE7BBBCC00}C:\users\cem\desktop\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\cem\desktop\tinyumbrella-5.11.01.exe | 
"UDP Query User{5F926F1A-AB86-4452-8B9B-B239C8D49845}C:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe | 
"UDP Query User{69B949E4-1BE9-4B43-8033-DFF7F7BE6E27}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{6FDD807A-5FC7-4763-90C2-13190297E1B8}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{74FA031C-3D5E-47F4-AF9F-73B36EC69FC0}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe | 
"UDP Query User{7D80F03D-E6FF-4557-84F7-2191405B9819}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{842ADAB3-D854-45A0-8F4B-3800D669265E}C:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{9E9D5548-674D-4F6D-AB71-A04EA5CBF391}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{A54B3E3F-0C13-4D2F-91D6-DB618BE1316C}C:\program files (x86)\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe | 
"UDP Query User{AC913AC9-5C4A-4BDB-871E-2BEFE9D5A865}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe | 
"UDP Query User{C3425FAE-EC12-4B9F-B471-D7C2D4F9490C}C:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe | 
"UDP Query User{D6AEC2D1-E2AA-44DE-AA2B-1148FBC5F283}C:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe | 
"UDP Query User{D6C37D96-B26D-431F-8915-B95392E215AE}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe | 
"UDP Query User{F3116605-CF3C-4CC2-AA91-ADD01F20AA9C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.474
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur 
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE1F1C-FD46-4A9F-B301-6EA419D34D90}" = ArcSoft Magic-i Visual Effects 2
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aMSN" = aMSN 0.98.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Foxit Reader_is1" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"ManyCam" = ManyCam 3.0.68 (remove only)
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OVH hubiC-browser" = OVH hubiC-browser
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpeedFan" = SpeedFan (remove only)
"splashtop" = VAIO Quick Web Access
"uTorrent" = µTorrent
"VAIO Help and Support" = 
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2012 07:27:50 | Computer Name = Cem-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 09:03:39 | Computer Name = Cem-VAIO | Source = MsiInstaller | ID = 11310
Description = 
 
Error - 15.08.2012 09:27:12 | Computer Name = Cem-VAIO | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 15.08.2012 09:27:12 | Computer Name = Cem-VAIO | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
 
Error - 15.08.2012 09:28:09 | Computer Name = Cem-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 09:52:07 | Computer Name = Cem-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 10:03:00 | Computer Name = Cem-VAIO | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 15.08.2012 10:03:02 | Computer Name = Cem-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Software4u.IDeviceManager.exe, Version:
 1.3.0.0, Zeitstempel: 0x4fc26378  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000001
ID
 des fehlerhaften Prozesses: 0x1858  Startzeit der fehlerhaften Anwendung: 0x01cd7aee1f282ea0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: ed112b4d-e6e1-11e1-b522-78843ce8fdbd
 
Error - 15.08.2012 11:12:42 | Computer Name = Cem-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.6.3.25, Zeitstempel:
 0x4fd16377  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x80000003  Fehleroffset: 0x0001280c  ID des fehlerhaften
 Prozesses: 0x1464  Startzeit der fehlerhaften Anwendung: 0x01cd7af566a6bd2b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a895a6a8-e6eb-11e1-b522-78843ce8fdbd
 
Error - 15.08.2012 11:38:51 | Computer Name = Cem-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: updsvc.dll, Version: 2.4.32.20,
 Zeitstempel: 0x4ede864f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f8b  ID des fehlerhaften
 Prozesses: 0x8d8  Startzeit der fehlerhaften Anwendung: 0x01cd7afc0769ea3a  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 c:\windows\system32\updsvc.dll  Berichtskennung: 4f49baa7-e6ef-11e1-aa14-78843ce8fdbd
 
[ System Events ]
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1062
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1062
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
 
< End of report >

Installierte Programme

Code:

ATTFilter

Adobe AIR	Adobe Systems Inc.	03.09.2011		2.5.1.17730
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	14.08.2012	6,00MB	11.3.300.271
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.08.2012	6,00MB	11.3.300.271
Adobe Shockwave Player	Adobe Systems, Inc.	24.12.2011	25,7MB	11.0
Alps Pointing-device for VAIO	ALPS ELECTRIC CO., LTD.	03.09.2011		
aMSN 0.98.9		11.08.2012		
Apple Application Support	Apple Inc.	14.08.2012	61,0MB	2.1.9
Apple Mobile Device Support	Apple Inc.	14.08.2012	24,9MB	5.2.0.6
Apple Software Update	Apple Inc.	25.10.2011	2,38MB	2.1.3.127
ArcSoft Magic-i Visual Effects 2	ArcSoft	25.10.2011	69,5MB	2.0.1.142
ArcSoft Magic-i Visual Effects 2	ArcSoft	27.04.2012	68,5MB	2.0.99.136
ArcSoft WebCam Companion 4	ArcSoft	22.04.2012	81,3MB	4.0.21.484
Atheros WiFi Driver Installation	Atheros	27.12.2011		3.0
Avira Free Antivirus	Avira	15.08.2012	110MB	12.0.0.1167
Bing Bar	Microsoft Corporation	03.09.2011	24,4MB	7.0.610.0
Bluetooth Win7 Suite (64)	Atheros Communications	03.09.2011	74,5MB	7.3.0.100
Bonjour	Apple Inc.	25.10.2011	2,04MB	3.0.0.10
Browser Manager		15.08.2012		
CCleaner	Piriform	24.07.2012		3.21
Conexant HD Audio	Conexant	03.09.2011		8.54.0.53
Facebook Video Calling 1.2.0.159	Skype Limited	22.03.2012	4,76MB	1.2.159
Foxit Reader	Foxit Corporation	11.08.2012	36,1MB	5.3.1.606
Free YouTube Download version 3.0.19.1206	DVDVideoSoft Ltd.	11.12.2011	68,7MB	
FUSSBALL MANAGER 12	Electronic Arts	19.05.2012	6,58GB	1.0.0.3
Google Chrome	Google Inc.	17.03.2012		21.0.1180.83
ICQ7.6	ICQ	31.10.2011		7.6
iDevice Manager	Marx Softwareentwicklung	15.08.2012	7,40MB	1.3.0.0
Intel(R) Control Center	Intel Corporation	03.09.2011		1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation	03.09.2011		7.0.0.1144
Intel(R) Processor Graphics	Intel Corporation	03.09.2011		8.15.10.2291
Intel(R) Rapid Storage Technology	Intel Corporation	03.09.2011		10.0.0.1046
iTunes	Apple Inc.	14.08.2012	420MB	10.6.3.25
Java(TM) 6 Update 22 (64-bit)	Oracle	03.09.2011	90,6MB	6.0.220
Java(TM) 6 Update 32	Oracle	14.05.2012	95,7MB	6.0.320
Kaspersky Internet Security 2012		15.08.2012		
ManyCam 3.0.68 (remove only)	ManyCam LLC	27.04.2012		3.0.68
Microsoft .NET Framework 1.1	Microsoft	03.01.2012	34,8MB	1.1.4322
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	11.02.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.09.2011	2,93MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	11.02.2011	51,9MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	03.09.2011	10,6MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	03.09.2011	6,31MB	14.0.4763.1000
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	18.08.2012		14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	18.08.2012		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	16.05.2012	50,6MB	5.1.10411.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	24.12.2011	298KB	8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	19.01.2012	2,63MB	8.0.51011
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	27.12.2011	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	28.12.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.12.2011	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.01.2012	222KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	24.12.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	01.02.2012	15,2MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.06.2012	16,6MB	10.0.40219
Mozilla Firefox 15.0 (x86 de)	Mozilla	16.08.2012	39,2MB	15.0
Mozilla Maintenance Service	Mozilla	16.08.2012	327KB	15.0
MSXML 4.0 SP3 Parser	Microsoft Corporation	03.09.2011	1,47MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	11.07.2012	1,53MB	4.30.2114.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	27.10.2011	1,53MB	4.30.2107.0
NVIDIA PhysX	NVIDIA Corporation	09.02.2012	78,9MB	9.10.0513
OVH hubiC-browser		06.06.2012		0.3.8
PMB	Sony Corporation	03.09.2011	282MB	5.5.02.12220
QuickTime	Apple Inc.	15.12.2011	73,2MB	7.71.80.42
Realtek PCIE Card Reader	Realtek Semiconductor Corp.	03.09.2011		6.1.7600.77
Revo Uninstaller 1.94	VS Revo Group	11.08.2012		1.94
Skype™ 5.8	Skype Technologies S.A.	24.03.2012	19,0MB	5.8.158
Snagit 10.0.1	TechSmith Corporation	21.11.2011	68,8MB	10.0.1
SpeedFan (remove only)		27.08.2012		
System.Data.SQLite v1.0.81.0	System.Data.SQLite Team	15.06.2012	7,98MB	1.0.81.0
Unity Web Player	Unity Technologies ApS	30.10.2011	12,0MB	
VAIO - Media Gallery	Sony Corporation	03.09.2011		1.5.0.16020
VAIO - PMB VAIO Edition Guide	Sony Corporation	03.09.2011	72,3MB	1.6.00.06030
VAIO - PMB VAIO Edition Plug-in	Sony Corporation	03.09.2011	193MB	1.6.10.11160
VAIO - Remote Play mit PlayStation®3	Sony Corporation	03.09.2011		1.1.0.15070
VAIO - Remote-Tastatur	Sony Corporation	03.09.2011		1.0.1.03020
VAIO Care	Sony Corporation	26.11.2011		6.4.2.11150
VAIO Control Center	Sony Corporation	03.09.2011		4.5.0.03040
VAIO Data Restore Tool	Sony Corporation	03.09.2011		1.6.0.13140
VAIO Easy Connect	Sony Corporation	21.01.2012	14,6MB	1.1.2.01120
VAIO Event Service	Sony Corporation	03.09.2011		5.5.0.03040
VAIO Gate	Sony Corporation	15.05.2012		2.4.2.02200
VAIO Gate Default	Sony Corporation	03.09.2011		2.4.0.03240
VAIO Hero Screensaver - Summer 2011 Screensaver		25.10.2011		
VAIO Improvement	Sony Corporation	03.09.2011		1.0.0.14150
VAIO Improvement Validation	Sony Corporation	03.09.2011	496KB	1.0.4.01190
VAIO Quick Web Access	Sony Corporation	03.09.2011	334MB	1.4.5.3
VAIO Sample Contents	Sony Corporation	03.09.2011		1.4.2.09010
VAIO Smart Network	Sony Corporation	03.04.2012		3.8.0.08120
VAIO Update	Sony Corporation	03.04.2012		5.6.1.02150
VAIO-Handbuch	Sony Corporation	03.09.2011		2.0.0.02250
VAIO-Support für Übertragungen	Sony Corporation	03.09.2011		1.4.0.14230
VLC media player 2.0.1	VideoLAN	14.05.2012		2.0.1
Web Assistant 2.0.0.474	IncrediBar	15.08.2012	2,03MB	
Winamp	Nullsoft, Inc	07.06.2012		5.623 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	14.05.2012	75,0KB	1.0.0.1
Windows Live Mesh ActiveX Control for Remote Connections		11.02.2011		
Windows Media Player Firefox Plugin	Microsoft Corp	11.04.2012	296KB	1.0.0.8
Windows Mobile-Gerätecenter	Microsoft Corporation	19.12.2011	27,4MB	6.1.6965.0
WinRAR 4.01 (64-Bit)	win.rar GmbH	26.10.2011		4.01.0
µTorrent		01.11.2011		3.0.0

kira · 28.08.2012, 15:13

sieht nicht gut aus, Du hast vermutlich "Mediyes" auf deinem Rechner!
ich denke, dass wir zunächst prüfen müssen:

Lanmanworkstation-Check

Um zu testen, ob Dein Computer von dem Virus befallen ist, der die Dienste Arbeitsstationsdienst und DNS-Client auf schädliche Dateien umleitet, führe bitte folgenden Schnelltest durch:

Lade die LanmanCheck.exe herunter und speichere sie auf Deinem Desktop.
Führe die Datei aus und lasse Dir die Infos anzeigen, indem Du die Frage mit "Ja" antwortest.
Es öffnet sich eine Messagebox, die darüber informiert, ob der Rechner infiziert ist oder nicht und was ggfs. zu tun ist.
Markiere in beiden Fällen den Inhalt der Messagebox und kopiere den Text hier in den Thread.

thugtr1905 · 28.08.2012, 15:16

Also ich kann die datei LanmanCheck.exe es kommt der fehler : LL im Lanmanworkstation Schlüssel:
Geladene DLL:
Signatur der DLL:
Rückgabe der Signaturermittlung: Das System kann die angegebene Datei nicht finden.
MD5 der DLL:

DLL im Dnscache Schlüssel: %SystemRoot%\System32\dnsrslvr.dll
Geladene DLL: C:\Windows\System32\dnsrslvr.dll
Signatur der DLL: Microsoft Windows
Rückgabe der Signaturermittlung: Der Vorgang wurde erfolgreich beendet.
MD5 der DLL: 16835866AAA693C7D7FCEBA8FFF706E4

Der Lanmanworkstation Schlüssel konnte nicht ausgelesen werden oder ist nicht vorhanden!
Die im Dnscache Schlüssel angegebenen DLL ist scheinbar nicht von Microsoft signiert - das könnte unter Umständen auf eine Infektion hindeuten!

kira · 28.08.2012, 18:11

Leider hat sich die Verdachtsdiagnose bestätigt, somit kommt nur eine Option in Frage, und zwar: dass Du windows neu installieren mußt.
Äußerst schwierig, alle Spuren finden, folgen und zuverlässig zu beseitigen. Die Symptome sind sehr unterschiedlich, und die Infektion bleibt oft über mehrere Wochen oder sogar Monate unbemerkt.
PC neu aufsetzen kann nur ein paar Stunden dauern und die Festplatte 100%ig frei von Viren oder sonstiger Malware!

Tipps & Rat:

1.
Datensicherung:
► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!
- Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren!

2.
-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7

3.
- Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...:
- die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten

Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung
Absolut empfehlenswerter Scanner:

Zitat:

Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check

Die Online-Scanner sind alle reine On-Demand-Scanner. Sie durchsuchen einzelne Dateien oder Verzeichnisse, wahlweise die gesamte Festplatte, haben keinen Hintergrundwächter oder andere residente Prozesse. Dadurch verbrauchen sie ausser Festplattenspeicher keine Resourcen und man kann beliebig viele gleichzeitig installieren. Die Online-Scanner sind gut geeignet um sich eine zweite Meinung einzuholen.

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

thugtr1905 · 28.08.2012, 18:44

erstmal sehr vielen dank für alle deine bemühungen- also Neuaufsetzen würde ich gerne als letzde wahl in betracht ziehen.. eine andere möglichkeit empfiehlst du mir nicht ?? es auf die schwierigere art zu machen ??

kira · 28.08.2012, 19:37

Zitat:

Zitat von thugtr1905

also Neuaufsetzen würde ich gerne als letzde wahl in betracht ziehen..

Hast Du leider gar keine andere Wahl, da der Verwendung aller Mittel, die uns zur Verfügung stehen, reichen in diesem Fall nicht aus! Hier findet von außen gerade Fremdeingriff durch andere Personen statt!

thugtr1905 · 28.08.2012, 19:39

okey währe es sinvoll wichtige datein auf eine partiton zu verschrieben da ich externe speicher nicht zu verfügung habe. und wie ist das muss ich zum formatieren eine recovery disc erstellen ??

kira · 28.08.2012, 20:30

Es gibt immer etwas, das schief gehen kann und ob nicht etwas "mitverschoben" wird, was eigentlich nicht sollte...

Cpu zu hoch = notebook viel langsamer geworden

Plagegeister aller Art und deren Bekämpfung: Cpu zu hoch = notebook viel langsamer geworden