
Log analysis and evaluation: Google CAPTCHA prompt & Bundespolizei virus


 
20.12.2012, 03:40   #1
derya84
 



About 3-4 months ago I was hit by the Bundespolizei virus. I then scanned my netbook (with Windows 7) with AVG and deleted some suspicious files (and then did nothing further). After this incident, Google sent me a CAPTCHA prompt for the first time, with this message:

hxxp://support.google.com/websearch/bin/answer.py?hl=de&answer=86640

Since this attack I have received this prompt now and then. But for about a week now I have been getting it every day, every time I want to use Google. Out of fear, 3 months after the attack by the Bundespolizei virus, I found a website that gives tips on how to remove this virus.

hxxp://www.bundespolizei-virus.de/

Following the instructions for inexperienced users, I downloaded the rescue CD (I signed up with Firstload for this; the CD is Kaspersky Windows Unlocker, I think) and carried out the instructions. But after scanning I found no threats.

Then I tried to reinstall Windows 7 with the System Recovery CD. I first deleted all partitions and then reinstalled Windows 7.

But when I type something into Google again, this CAPTCHA prompt still appears.

Lastly, I downloaded Spyware Terminator. After scanning, it found 24 infected files. Affiliate tracking cookies.
I deleted these. Afterwards I ran another check with Avast and found no threats.

But the Google CAPTCHA prompt problem still persists. I have only had WLAN for a few days. Until now I only used a LAN connection. I tried connecting to the internet with my mobile phone over WLAN. And a surprise! Google sent the same CAPTCHA prompt to my phone as well.

Apart from that, my netbook works pretty much normally, but I am not quite sure whether I removed this Bundespolizei virus properly and whether the Google CAPTCHA prompt can have something to do with this virus.

I am sending you my OTL log files in the hope that you may be able to help me. As a very inexperienced user I need your help. During the scan with OTL I deactivated Avast. (I don't know whether that was right.)

Many thanks in advance, and I apologize for my German and for the somewhat long message.
Best regards,
Derya

OTL logfile created on: 20.12.2012 02:57:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\derya\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,30 Mb Total Physical Memory | 321,22 Mb Available Physical Memory | 31,70% Memory free
1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 216,93 Gb Free Space | 93,19% Space Free | Partition Type: NTFS

Computer Name: DERYA-PC | User Name: derya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\derya\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 6B 30 44 54 DE CD 01 [binary data]
IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\..\SearchScopes\{23530345-370C-475E-A1B7-29101769EF6E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=469A2950-8C02-4C3A-856A-F800790215CC&apn_sauid=4BB2C14B-1C96-4E19-80F0-974D9791E0A3
IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.19 17:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.19 17:46:34 | 000,000,000 | ---D | M]

[2012.12.19 11:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derya\AppData\Roaming\mozilla\Extensions
[2012.12.20 00:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derya\AppData\Roaming\mozilla\Firefox\Profiles\6tiiggbw.default\extensions
[2012.12.20 00:14:57 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\derya\AppData\Roaming\mozilla\firefox\profiles\6tiiggbw.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012.12.19 14:35:41 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\derya\AppData\Roaming\mozilla\firefox\profiles\6tiiggbw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.19 17:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.19 17:46:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.11 18:47:16 | 001,903,520 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D1D805D-972F-4927-91B7-1217F928207E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF786D4-3E50-4680-BF1C-C158320A7F31}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\bttray.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.20 02:42:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.12.20 02:42:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.12.20 02:42:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.12.20 02:42:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.12.20 02:42:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.20 02:42:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.12.20 02:42:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.12.20 02:42:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.12.20 02:42:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.12.20 02:42:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.12.20 02:42:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.12.20 02:42:02 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.12.20 02:42:02 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.12.20 02:42:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.12.20 02:42:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.20 02:42:01 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.12.20 02:42:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.20 02:42:01 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.12.20 02:42:01 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.12.20 02:42:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.20 02:42:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.12.20 02:42:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.12.20 02:42:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.12.20 02:42:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.20 02:42:00 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.12.20 02:42:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.12.20 02:42:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.12.20 02:42:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.12.20 02:41:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.20 02:41:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.20 02:41:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.12.20 02:41:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.20 02:41:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.12.20 02:41:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.12.20 02:41:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.12.20 02:41:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.12.20 02:41:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.12.20 02:38:43 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012.12.20 02:38:43 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.12.20 02:38:43 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.12.20 02:38:43 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.12.20 02:38:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.12.20 02:38:41 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.12.20 02:38:41 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012.12.20 02:38:41 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.12.20 02:38:41 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.12.20 02:38:41 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012.12.20 02:38:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.12.20 02:38:41 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.12.20 02:38:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.12.20 02:38:41 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.12.20 02:35:24 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.12.20 02:32:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012.12.20 02:21:24 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012.12.20 02:19:23 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012.12.20 01:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.20 01:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.20 00:59:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012.12.20 00:59:51 | 001,006,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2012.12.19 23:33:37 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.12.19 22:08:08 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\Spyware Terminator
[2012.12.19 22:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.12.19 22:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.12.19 22:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.12.19 18:16:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.12.19 18:11:13 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.12.19 18:11:12 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.12.19 18:10:54 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.12.19 18:10:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.12.19 18:10:54 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.12.19 18:10:45 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.12.19 18:10:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.12.19 17:42:02 | 000,000,000 | --SD | C] -- C:\Users\derya\AppData\Roaming\Microsoft
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Videos
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Saved Games
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Pictures
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Music
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Links
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Favorites
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Downloads
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Documents
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\Desktop
[2012.12.19 17:42:02 | 000,000,000 | R--D | C] -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Vorlagen
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\AppData\Local\Verlauf
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\AppData\Local\Temporary Internet Files
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Startmenü
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\SendTo
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Recent
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Netzwerkumgebung
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Lokale Einstellungen
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Documents\Eigene Videos
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Documents\Eigene Musik
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Eigene Dateien
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Documents\Eigene Bilder
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Druckumgebung
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Cookies
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\AppData\Local\Anwendungsdaten
[2012.12.19 17:42:02 | 000,000,000 | -HSD | C] -- C:\Users\derya\Anwendungsdaten
[2012.12.19 17:42:02 | 000,000,000 | -H-D | C] -- C:\Users\derya\AppData
[2012.12.19 17:42:02 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Temp
[2012.12.19 17:42:02 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Microsoft
[2012.12.19 17:37:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.12.19 16:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caminova
[2012.12.19 16:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Caminova
[2012.12.19 15:40:45 | 000,000,000 | ---D | C] -- C:\Intel
[2012.12.19 14:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.19 14:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.12.19 13:58:02 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.12.19 13:58:02 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.12.19 13:58:02 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.12.19 13:57:45 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.12.19 13:57:45 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.12.19 13:57:45 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.12.19 13:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.19 13:23:35 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.12.19 13:23:34 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.12.19 13:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.12.19 13:23:05 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\TuneUp Software
[2012.12.19 13:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2012.12.19 13:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.19 13:21:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.19 13:21:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.19 13:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.12.19 13:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.19 13:10:36 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Broadcom
[2012.12.19 13:10:36 | 000,000,000 | ---D | C] -- C:\Users\derya\Documents\Bluetooth-Exchange-Ordner
[2012.12.19 13:06:38 | 000,020,008 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\btwcoins.dll
[2012.12.19 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012.12.19 12:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SAMSUNG
[2012.12.19 12:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.12.19 12:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012.12.19 12:49:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.12.19 12:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.12.19 12:21:17 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\Macromedia
[2012.12.19 12:21:17 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Macromedia
[2012.12.19 12:21:17 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\Adobe
[2012.12.19 12:17:13 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.19 12:17:13 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.19 12:17:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.12.19 12:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.12.19 11:00:42 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\Mozilla
[2012.12.19 11:00:42 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Mozilla
[2012.12.19 11:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.19 11:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.12.19 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.19 00:00:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012.12.18 23:35:53 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.12.18 23:31:55 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Google
[2012.12.18 23:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.12.18 23:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.12.18 23:31:49 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.12.18 23:31:49 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.12.18 23:31:46 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.12.18 23:31:45 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.12.18 23:31:44 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.12.18 23:31:41 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.12.18 23:31:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.12.18 23:30:23 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.12.18 23:30:22 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.12.18 23:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.12.18 23:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.18 23:20:48 | 000,000,000 | R--D | C] -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.18 23:20:48 | 000,000,000 | R--D | C] -- C:\Users\derya\Searches
[2012.12.18 23:20:48 | 000,000,000 | R--D | C] -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.18 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\Identities
[2012.12.18 23:20:35 | 000,000,000 | R--D | C] -- C:\Users\derya\Contacts
[2012.12.18 23:20:27 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\VirtualStore
[2012.12.18 23:20:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.12.18 23:20:04 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.12.18 23:20:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.12.18 23:15:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.12.18 23:11:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.12.20 02:54:59 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 02:54:59 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 02:53:33 | 000,684,954 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.12.20 02:53:33 | 000,680,010 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.12.20 02:53:33 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.20 02:53:33 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.20 02:53:33 | 000,127,070 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.12.20 02:53:33 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.20 02:53:33 | 000,124,006 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.12.20 02:53:33 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.20 02:46:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 02:46:36 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 02:42:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.12.20 02:42:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.12.20 02:42:04 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.12.20 02:42:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.12.20 02:42:04 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.20 02:42:04 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.12.20 02:42:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.12.20 02:42:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.12.20 02:42:03 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.12.20 02:42:03 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.12.20 02:42:03 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.12.20 02:42:02 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.12.20 02:42:02 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.12.20 02:42:02 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.12.20 02:42:02 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.12.20 02:42:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.20 02:42:01 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.20 02:42:01 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.12.20 02:42:01 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.12.20 02:42:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.20 02:42:01 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.12.20 02:42:01 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.12.20 02:42:01 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.12.20 02:42:01 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.12.20 02:42:00 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.20 02:42:00 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.12.20 02:42:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.12.20 02:42:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.12.20 02:42:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.12.20 02:41:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.20 02:41:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.20 02:41:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.12.20 02:41:58 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.20 02:41:58 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.12.20 02:41:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.12.20 02:41:58 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.12.20 02:41:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.12.20 02:41:57 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.12.20 02:38:43 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012.12.20 02:38:43 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.12.20 02:38:43 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.12.20 02:38:43 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.12.20 02:38:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.12.20 02:38:41 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.12.20 02:38:41 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012.12.20 02:38:41 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.12.20 02:38:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.12.20 02:38:41 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012.12.20 02:38:41 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.12.20 02:38:41 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.12.20 02:38:41 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.12.20 02:38:41 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.12.20 02:34:10 | 000,698,444 | ---- | M] () -- C:\Windows\System32\oem1.inf
[2012.12.20 02:30:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 01:03:58 | 000,015,218 | ---- | M] () -- C:\Windows\System32\results.xml
[2012.12.20 00:58:55 | 001,006,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2012.12.19 22:08:04 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.12.19 19:34:01 | 000,059,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2012.12.19 19:34:00 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v2117.dll
[2012.12.19 19:34:00 | 000,039,352 | ---- | M] () -- C:\Windows\System32\iglhxs32.vp
[2012.12.19 19:33:58 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2012.12.19 19:33:58 | 000,279,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2012.12.19 19:33:58 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2012.12.19 19:33:58 | 000,262,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2012.12.19 19:33:58 | 000,257,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2012.12.19 19:33:58 | 000,051,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2012.12.19 19:33:57 | 000,299,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2012.12.19 19:33:57 | 000,294,912 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2012.12.19 19:33:57 | 000,291,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2012.12.19 19:33:57 | 000,289,280 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2012.12.19 19:33:57 | 000,287,744 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2012.12.19 19:33:57 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2012.12.19 19:33:57 | 000,280,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2012.12.19 19:33:56 | 000,304,640 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2012.12.19 19:33:56 | 000,303,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012.12.19 19:33:56 | 000,288,256 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2012.12.19 19:33:56 | 000,281,088 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2012.12.19 19:33:56 | 000,249,856 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2012.12.19 19:33:56 | 000,206,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2012.12.19 19:33:56 | 000,205,312 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2012.12.19 19:33:55 | 005,702,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2012.12.19 19:33:55 | 000,310,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2012.12.19 19:33:55 | 000,303,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2012.12.19 19:33:55 | 000,275,968 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2012.12.19 19:33:54 | 000,303,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2012.12.19 19:33:54 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2012.12.19 19:33:54 | 000,280,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2012.12.19 19:33:54 | 000,252,416 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2012.12.19 19:33:54 | 000,199,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2012.12.19 19:33:54 | 000,179,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2012.12.19 19:33:54 | 000,178,176 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2012.12.19 19:33:53 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2012.12.19 19:33:53 | 000,023,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2012.12.19 19:33:52 | 000,672,792 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2012.12.19 19:33:52 | 000,119,296 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2012.12.19 19:33:51 | 003,829,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2012.12.19 19:33:51 | 000,536,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2012.12.19 19:33:50 | 004,104,192 | ---- | M] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2012.12.19 19:33:49 | 002,686,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\ig4dev32.dll
[2012.12.19 19:33:48 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2012.12.19 19:32:04 | 000,257,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.19 19:12:28 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2012.12.19 18:11:55 | 000,035,789 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.12.19 17:59:16 | 000,021,532 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012.12.19 16:26:21 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.12.19 16:26:21 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.12.19 13:57:27 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.12.19 13:57:17 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.12.19 13:57:17 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.12.19 13:57:16 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.12.19 13:57:13 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.12.19 13:57:13 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.12.19 13:23:29 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.19 13:23:29 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.19 13:16:03 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.19 13:07:10 | 000,000,834 | -H-- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.12.19 13:00:04 | 000,020,008 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\btwcoins.dll
[2012.12.19 12:54:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2012.12.19 12:50:29 | 000,000,000 | ---- | M] () -- C:\Windows\RTLInBoth.ini
[2012.12.19 12:32:11 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.19 12:32:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.19 11:00:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.18 23:31:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.29 16:06:14 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

========== Files Created - No Company Name ==========

[2012.12.20 02:42:01 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.12.19 22:08:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.12.19 22:08:04 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.12.19 19:39:10 | 000,015,218 | ---- | C] () -- C:\Windows\System32\results.xml
[2012.12.19 19:12:28 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2012.12.19 18:18:46 | 000,001,413 | ---- | C] () -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.19 18:14:15 | 796,889,088 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.19 17:59:16 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012.12.19 17:40:35 | 000,698,444 | ---- | C] () -- C:\Windows\System32\oem1.inf
[2012.12.19 16:26:20 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.12.19 16:26:20 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.12.19 13:23:29 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.19 13:23:29 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.19 13:23:28 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.12.19 13:16:03 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.19 13:16:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.19 13:04:01 | 000,000,834 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.12.19 12:54:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2012.12.19 12:50:29 | 000,000,000 | ---- | C] () -- C:\Windows\RTLInBoth.ini
[2012.12.19 12:17:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.19 11:00:33 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.19 11:00:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.18 23:31:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.19 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\Spyware Terminator
[2012.12.19 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 20.12.2012 02:57:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\derya\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,30 Mb Total Physical Memory | 321,22 Mb Available Physical Memory | 31,70% Memory free
1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 216,93 Gb Free Space | 93,19% Space Free | Partition Type: NTFS

Computer Name: DERYA-PC | User Name: derya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6B465CCB-4A89-4440-AE59-63C1C36BF420}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{8E86C963-CB9A-4610-8BD9-5C569B24F56F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{B7DAFC20-21DE-4A6C-BDC8-27335F519E66}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42B192B9-BB80-4039-81AC-38DDA4F6783E}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{917705D7-CA61-487D-A409-D1B1A5F5B351}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{A01DF7C1-2565-48C8-87C3-3CF5EECC4543}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{DA109835-1AE2-468E-A583-077AF8A79B07}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"TCP Query User{327C047A-F448-45FB-91AD-B1DDDE1B0406}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{B5944BA0-CE51-4292-A21B-148CB118FAC0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADDBDFFF-A9B1-4AAA-94ED-2F754A1F5D5F}" = Document Express DjVu Plug-in
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TuneUp Utilities 2013" = TuneUp Utilities 2013

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.12.2012 21:19:58 | Computer Name = derya-PC | Source = ESENT | ID = 455
Description = Windows (3244) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000E.log.

Error - 19.12.2012 21:19:58 | Computer Name = derya-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 19.12.2012 21:19:58 | Computer Name = derya-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 19.12.2012 21:19:58 | Computer Name = derya-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 19.12.2012 21:19:58 | Computer Name = derya-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 19.12.2012 21:19:58 | Computer Name = derya-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 19.12.2012 21:19:59 | Computer Name = derya-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 19.12.2012 21:19:59 | Computer Name = derya-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 19.12.2012 21:19:59 | Computer Name = derya-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 19.12.2012 21:19:59 | Computer Name = derya-PC | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 19.12.2012 16:40:23 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 19.12.2012 18:06:36 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 19.12.2012 19:54:17 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 19.12.2012 19:54:34 | Computer Name = derya-PC | Source = DCOM | ID = 10000
Description =

Error - 19.12.2012 20:03:04 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 19.12.2012 21:19:34 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 19.12.2012 21:19:59 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 19.12.2012 21:19:59 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 19.12.2012 21:20:29 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056

Error - 19.12.2012 21:47:24 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


< End of report >

 
