fehler meldungen mit .exe datein

xplayax11 · 24.03.2010, 20:59

Gude,

ich hab ein kleines oder auch vielleicht ein großes System fehler

Immer wenn ich mein pc hochfahre kommen ziemlich veile fehler meldung z.b
pqd.exe reagiert nicht und die meldung kommt sau oft und das nervt langsam

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:37, on 24.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
C:\Windows\Pixart\PAC7302\Monitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_d4660_ge
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_d4660_ge
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0409&m=imedia_d4660_ge
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Turgut\AppData\Local\Temp\Pqr.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ATI Technologies] C:\Users\Turgut\AppData\Roaming\ATI_disp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS4\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS5\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS6\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS7\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS8\Services\Tcpip\..\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.2.1,192.168.2.2
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell Services - C:\Windows\SYSTEM32\HidService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12426 bytes

Larusso · 24.03.2010, 21:21

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

schritt 1

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

schritt 2

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
Aktiviere "Quick-Scan durchführen" => Scan.
Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

schritt 3

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
Log von MBAM
OTL.txt
Extras.txt
berichte ob noch Probleme vorhanden sind

xplayax11 · 24.03.2010, 22:08

OTL Extras logfile created on: 24.03.2010 21:51:53 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Turgut\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 849,58 Gb Free Space | 92,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCM-PC
Current User Name: Turgut
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 8C C7 B4 BC 8B E0 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Users\Mcm\Desktop\Combat Arms EU\CombatArms.exe" = C:\Users\Mcm\Desktop\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Users\Mcm\Desktop\Combat Arms EU\Engine.exe" = C:\Users\Mcm\Desktop\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Users\Mcm\Desktop\Combat Arms EU\CombatArms.exe" = C:\Users\Mcm\Desktop\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Users\Mcm\Desktop\Combat Arms EU\Engine.exe" = C:\Users\Mcm\Desktop\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06386240-00D6-44AC-8E0A-CA5395133949}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F5C3568-3BEF-4877-BC30-D7E5451D8179}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1653DA11-6D97-4A96-9FA9-B4B07C5A94F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{25C65039-B8D0-42A9-8E46-0E2165B1B803}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{296B6E11-743C-492F-8D73-F012B5770751}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{38B07DEB-38B4-409F-B0D0-E558A3E5408E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3E1CFD96-1B54-4DE5-B6C4-0517B20719B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{4317B644-5DD2-4906-8486-979A80B3F568}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F524B15-4B35-4252-AB7F-52273CD436EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{66F9F1C8-41C8-458A-A46B-58422CD5C853}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67AC1EAB-4EC0-4EDD-92A5-FE819D5F6116}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7BADEFB7-AFCA-4FF4-87F6-4D868902219D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7CC580C1-54BF-4D93-BA56-B9E23C08B753}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{87E85E26-D817-4BFA-89DB-976321630A5B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DA2C0EB-6165-4431-86E8-C5F12D6D5945}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{906C4E75-5BF7-4100-B23D-CF94582CE671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DA9810B-B4FB-4B11-8F51-86B75D82C21F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A77D77EF-441A-4B93-A12C-AFF0400721AB}" = rport=138 | protocol=17 | dir=out | app=system |
"{A989B977-A9C2-438E-A80E-05BCFB86EDB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{AFAB91EA-A6C2-4843-8D15-73B9132FF22C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B33648E0-122C-4BC1-91A3-17494B835471}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0765C60-4AE1-4AFB-97BE-30429D457A35}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C61D0346-1900-4729-9618-B0A74F8F9B1F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3DD8CF8-10E6-4229-A009-98FCBF93404D}" = lport=139 | protocol=6 | dir=in | app=system |
"{D41AB21A-869C-46CF-817F-A0AB0A8EAF9B}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4FBE149-836A-4181-A891-66CCFDACB86E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDE64435-7E2D-4EFC-81EF-5BFDCB5CD654}" = lport=138 | protocol=17 | dir=in | app=system |
"{E4E4D1F2-77EB-45BA-B99E-25A1765C6DD5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EFF58584-1C18-4288-A2DD-7408A9756C30}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7D0690-96E3-48C4-A2B6-C52B776740E4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0B5D8A79-2233-4D03-9049-185A0BDB2977}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0FC6561B-60A2-4A21-B8E7-FEDC70C67EF7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{147713E7-D270-40C0-831D-9736E8ACF319}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1F5D9CBF-1667-483B-823E-F90E20EFF6E7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{2056902E-0BEE-40D9-8C32-1C7F402BA34C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{206E04B2-0199-4265-98BB-127561219FED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A2E386F-A736-46CE-ACF1-41837940D405}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{39D41C18-E9DC-4DEB-9508-8B0ABA5451CE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3D9141D1-EABC-4B24-999D-93C569C85507}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{409A611C-AE76-4D6E-8350-CCA5B166AA3B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4A1028EC-53B0-4DE3-B46F-839EC3500D74}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{5C62E04B-B629-4B38-B653-71CBF9539B5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E8BBDA6-4D1A-4D39-BA50-FFA4DA16383B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6050DEE7-6533-4C2C-9E04-AD23718DA12C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66F49FDD-9207-4730-AA85-6CB337F3EA3A}" = protocol=6 | dir=out | app=system |
"{679DE752-ED04-4F93-81C4-C690F3322E85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6825C6D4-ECC9-4D70-8103-08AC4A387A30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6B5B6799-1902-4459-891F-9A73CF805C94}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{71E00CFE-187B-4AE1-ABDD-EDDDEDD92385}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7BEFDB45-CC36-4DB8-A2F2-F399E7F8662F}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{7C899828-715F-4F6B-BDA2-CF793A60E416}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7FE9B797-4C8A-4B57-B8E5-8735668E0383}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80D9AB54-8024-4653-80E9-BEF4756CE735}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{822C8155-2174-446F-A120-FD7D82278D2D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{834148A1-95ED-479D-AA5D-5DC686D1F177}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{862A6480-10F1-452D-8176-0646F04C4F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{88F2FF39-4677-439B-BB93-1799BFC88442}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C1632B9-24C9-41AE-A770-7DE5A405E711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F832D97-442F-436B-9BB9-425ED1148759}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9596B089-71BC-4A62-B267-ADDEF5CCD444}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9703ECC8-DE56-4842-853D-4EEB0F808B20}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{A96BC4FE-C8F6-4429-AE60-12A02C53AF52}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B215E8F4-F499-4EB3-8A98-400D28DC66E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B77E0ECC-65DA-4DFF-B4AA-92C8B31A8BD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8623B7D-375B-4333-8489-02FF31B13ADD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD203A1F-E45E-4117-A253-2B9736B1D7EC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{BE2A45D1-0D91-4EB9-9658-CC7CD928AF8A}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{C6B5DCC3-DC84-4F0A-8478-C3BE962548E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CB8386AF-C157-4A10-9876-387AD8C52C8F}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{E35481D6-779F-45DC-85E5-46F9FCCDBBB5}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{E9C07AE5-6675-416E-93AE-EA0EF8C2ECD2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA1D4C12-9401-4A84-9984-65670F95D68D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{F677576A-C1D5-4669-9AFC-F42E3CD4A5DD}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{FACA93F1-134F-4385-A7F7-1AE07E4BD28D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD4311CA-C7B8-4D23-9D6E-CE9F015CCC46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD5994D5-16CE-4DD2-B3DD-B8EF502CC58D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FE666DB2-C714-4E8E-83F8-F8B738597E77}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"TCP Query User{04E08936-041E-4362-A6DB-0BBA6026A361}C:\users\turgut\desktop\fantasymt\metin2client.bin" = protocol=6 | dir=in | app=c:\users\turgut\desktop\fantasymt\metin2client.bin |
"TCP Query User{1D5ADC46-ED50-4791-9BD4-17F9FBE03D54}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe |
"TCP Query User{21CC010B-1ED5-4939-9581-C98F360CB642}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{291D652A-324C-476B-BAB5-7A2028BAB35E}C:\users\turgut\desktop\spiele\keepmt2\keepmt2.exe" = protocol=6 | dir=in | app=c:\users\turgut\desktop\spiele\keepmt2\keepmt2.exe |
"TCP Query User{37B7F21A-8B69-4B97-94CF-7075E91F0335}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"TCP Query User{52D20B88-72D9-42A8-B888-B9051C609DD5}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"TCP Query User{67950518-4D54-4890-BA81-7CCF5FFA2C88}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{6B4BF2B1-A020-45DB-BDAB-4AB3C692418A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6BB7A1F4-7239-471F-B5C4-5F5BC430DE24}C:\users\turgut\desktop\modified-client_4.0\mc.exe" = protocol=6 | dir=in | app=c:\users\turgut\desktop\modified-client_4.0\mc.exe |
"TCP Query User{72A7F4F8-E24E-4864-A65C-2B6379877DC3}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"TCP Query User{8205178B-66CC-4ADA-9541-CA98DEFB08F2}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{820FC6E4-523F-4786-9240-1D377C0C172A}C:\users\gast\desktop\matrixmt2_de\mc.exe" = protocol=6 | dir=in | app=c:\users\gast\desktop\matrixmt2_de\mc.exe |
"TCP Query User{93B8ED7D-108D-4EB4-B590-EC595282D3F7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{9AAAF2EA-A3CD-43E8-A6CA-DF4EDD2988A6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{ABBE57A5-2EAC-41F0-9089-84826334055C}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{D02A4501-3A1E-411B-BB6F-FB21D3588C6B}C:\users\turgut\desktop\fantasymt\metin2client.bin" = protocol=6 | dir=in | app=c:\users\turgut\desktop\fantasymt\metin2client.bin |
"TCP Query User{D780146A-2B34-441D-8B17-B19294ACEB1E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{DE94908C-F825-4529-8438-953EB6EB4D82}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E42D1113-ADF3-4F52-8BAE-239B00D95FB6}C:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{ED4E473D-A4BE-4E42-9055-4CA4EC6EAD59}C:\users\turgut\desktop\modified-client_4.0\metin2.exe" = protocol=6 | dir=in | app=c:\users\turgut\desktop\modified-client_4.0\metin2.exe |
"TCP Query User{F052D2B7-D3C2-407D-AE9C-B0C1D2BE24BE}C:\users\turgut\desktop\spiele\metin2\metin2 de\metin2.bin" = protocol=6 | dir=in | app=c:\users\turgut\desktop\spiele\metin2\metin2 de\metin2.bin |
"TCP Query User{F0B222DF-E678-4BF2-B5ED-6F1268630293}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{F802FDCB-63D6-4A6F-85DD-C4FE84000AD4}C:\users\turgut\desktop\spiele\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=6 | dir=in | app=c:\users\turgut\desktop\spiele\godmt2-reloaded\client\godmt2-reloaded.exe |
"TCP Query User{FE926375-FA01-4163-8738-A5B3574AC342}C:\users\turgut\desktop\spiele\metin2\metin2 de\metin2client.bin" = protocol=6 | dir=in | app=c:\users\turgut\desktop\spiele\metin2\metin2 de\metin2client.bin |
"UDP Query User{19737DB8-F43B-4ACE-AB3B-0E77CBE5B948}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"UDP Query User{27D46087-E46F-4E00-9630-5115C67B4E74}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2807BDDA-2FA1-4722-86AD-485F59D1DFEF}C:\users\turgut\desktop\fantasymt\metin2client.bin" = protocol=17 | dir=in | app=c:\users\turgut\desktop\fantasymt\metin2client.bin |
"UDP Query User{34AE5D89-C4A3-42FB-84D2-4CB07968C0F5}C:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{3930899B-8FC8-453F-B5B6-E88B4981714E}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{3BBF5C6E-6373-45D6-85FE-82F9998CD5DB}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{4A5FE557-63E6-495C-8FEA-2EAF0337AE55}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{5098625D-AC70-441A-8D6C-D5DE256BBA7B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{527ED8F6-9701-4A53-B488-D778B98B0543}C:\users\gast\desktop\matrixmt2_de\mc.exe" = protocol=17 | dir=in | app=c:\users\gast\desktop\matrixmt2_de\mc.exe |
"UDP Query User{568430A4-8894-4C56-9E46-AB9DD3B7D1B0}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe |
"UDP Query User{57F2D3A7-E331-4BA4-A157-3D43AD90E87E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{596D318D-D7B6-401F-B834-84EB60F953C3}C:\users\turgut\desktop\modified-client_4.0\mc.exe" = protocol=17 | dir=in | app=c:\users\turgut\desktop\modified-client_4.0\mc.exe |
"UDP Query User{63CAA44C-7EC1-435B-A1CD-AE2905F4B7E8}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{8932A48B-DC62-4BC4-8BFB-DC0EFFD04542}C:\users\turgut\desktop\spiele\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=17 | dir=in | app=c:\users\turgut\desktop\spiele\godmt2-reloaded\client\godmt2-reloaded.exe |
"UDP Query User{8FDF6BD5-8EB9-4813-B8A0-8B35E7EA1CF8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{977063AD-021A-483D-A4AC-0A93F6906DAD}C:\users\turgut\desktop\spiele\metin2\metin2 de\metin2.bin" = protocol=17 | dir=in | app=c:\users\turgut\desktop\spiele\metin2\metin2 de\metin2.bin |
"UDP Query User{978910A6-7F4C-4DE5-9ED0-72673C54016D}C:\users\turgut\desktop\modified-client_4.0\metin2.exe" = protocol=17 | dir=in | app=c:\users\turgut\desktop\modified-client_4.0\metin2.exe |
"UDP Query User{A6A433A4-92A4-47FC-9983-5E03A36EB0A6}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{C6D4F658-D87E-4DA4-B3EA-82AD39B2C78C}C:\users\turgut\desktop\spiele\metin2\metin2 de\metin2client.bin" = protocol=17 | dir=in | app=c:\users\turgut\desktop\spiele\metin2\metin2 de\metin2client.bin |
"UDP Query User{CF783ABB-824E-4ED9-8059-45020CA05263}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{D1142684-75AC-4FED-9589-FDED213B05AB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{DA00457D-8E59-4F01-8545-ECBA77BDF404}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"UDP Query User{E179EB0F-A6E2-4725-A68A-80D51D38671E}C:\users\turgut\desktop\fantasymt\metin2client.bin" = protocol=17 | dir=in | app=c:\users\turgut\desktop\fantasymt\metin2client.bin |
"UDP Query User{E8FFE55E-E795-4A37-99D9-0ADD4B68BC2D}C:\users\turgut\desktop\spiele\keepmt2\keepmt2.exe" = protocol=17 | dir=in | app=c:\users\turgut\desktop\spiele\keepmt2\keepmt2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C}" = PC VGA Camer@ Plus
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C}" = PC VGA Camer@ Plus
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Seven Remix XP" = Seven Remix XP 2.31
"SystemRequirementsLab" = System Requirements Lab
"TVUPlayer" = TVUPlayer 2.5.2.1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

xplayax11 · 24.03.2010, 22:32

hxxp://www.bilder-hochladen.net/files/9vl1-5-jpg.html
wo ich den virus erhalten habe
kamm dieser ordner auch rein und ich kann es auch net löschen !!!!!!

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3909
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

24.03.2010 22:32:14
mbam-log-2010-03-24 (22-32-09).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 268333
Laufzeit: 38 minute(s), 2 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ (Backdoor.Bifrose) -> No action taken.
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ (Backdoor.Bifrose) -> No action taken.
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ\ZZZZZZZ (Backdoor.Bifrose) -> No action taken.

Infizierte Dateien:
C:\Users\Turgut\AppData\Local\Temp\Pqr.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Larusso · 25.03.2010, 15:06

Wichtig:
Anleitungen genau lesen und auch genau so abarbeiten.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3909
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

24.03.2010 22:32:14

Code:

ATTFilter

OTL Extras logfile created on: 24.03.2010 21:51:53 - Run 1

OTL ist vor Malwarebytes gelaufen.

Code:

ATTFilter

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.

Bedeuted Du hast folgendes nicht gemacht.

Zitat:

Zitat von Larusso

Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".

Ebenfalls fehlt mir die OTL.txt

Also das ganze von hier nocheinmal und auch in der Reihenfolge wie es angegeben ist.

Bitte poste in Deiner nächsten Antwort
Logfile von Malwarebytes
OTL.txt

xplayax11 · 25.03.2010, 16:23

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3909
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

25.03.2010 16:15:10
mbam-log-2010-03-25 (16-15-10).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 299113
Laufzeit: 37 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ (Backdoor.Bifrose) -> Delete on reboot.
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ (Backdoor.Bifrose) -> Delete on reboot.
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ\ZZZZZZZ (Backdoor.Bifrose) -> Delete on reboot.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

xplayax11 · 25.03.2010, 16:42

OTL logfile created on: 25.03.2010 16:24:49 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Turgut\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 848,64 Gb Free Space | 92,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCM-PC
Current User Name: Turgut
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.24 21:50:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Turgut\Downloads\OTL.exe
PRC - [2010.03.23 15:33:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.03.21 19:31:10 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2010.03.09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.01.07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.01.07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009.11.20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.09.30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009.07.26 16:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.18 10:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008.09.18 10:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWOW64\HidService.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\PAC7302\Monitor.exe

========== Modules (SafeList) ==========

MOD - [2010.03.24 21:50:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Turgut\Downloads\OTL.exe
MOD - [2009.04.10 22:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.01.03 20:42:21 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2010.01.03 20:42:09 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.11.16 12:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.09.25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.03.30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysNative\HidService.exe -- (GenericHidService)
SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (ezSharedSvc)
SRV - [2010.01.07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.11.20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.05.25 16:42:42 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.03.29 20:39:56 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.13 21:17:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysWow64\HidService.exe -- (GenericHidService)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2006.11.02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.03.09 12:12:58 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010.03.09 12:12:39 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010.03.09 12:09:12 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010.03.09 12:08:56 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.03.09 12:08:33 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010.02.24 22:08:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.07 16:07:06 | 000,022,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2009.11.11 15:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.11.09 18:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009.10.28 18:47:22 | 000,139,280 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.23 09:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.04.30 22:56:34 | 000,588,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:64bit: - [2009.04.10 21:42:22 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) RMCAST (Pgm)
DRV:64bit: - [2009.04.10 21:39:52 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.04.10 21:39:36 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV:64bit: - [2007.09.10 08:50:26 | 000,527,360 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PAC7302.SYS -- (PAC7302)
DRV - [2009.11.21 12:01:13 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\nocashio.sys -- (nocashio)
DRV - [2006.09.18 22:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.09.18 22:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006.09.18 08:50:18 | 000,022,784 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\afc.sys -- (Afc)
DRV - [2005.01.01 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 60 1F BE 57 7F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100314

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.03.23 15:33:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.03.23 15:33:03 | 000,000,000 | ---D | M]

[2009.10.17 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Extensions
[2010.03.25 15:10:15 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions
[2009.10.17 11:36:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.28 13:29:01 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010.03.25 15:10:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.27 20:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.02.28 13:29:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.28 12:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.13 08:53:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.11.26 18:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010.02.27 20:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.03.15 12:51:19 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.01 13:37:16 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\battlefieldheroespatcher@ea.com
[2009.11.21 14:58:19 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\fdm_ffext@freedownloadmanager.org
[2010.02.25 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\firefox@tvunetworks.com
[2010.03.15 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\nasanightlaunch@example.com
[2010.03.25 15:10:15 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\staged-xpis
[2009.11.20 21:09:20 | 000,002,171 | ---- | M] () -- C:\Users\Turgut\AppData\Roaming\Mozilla\FireFox\Profiles\fo49jvy5.default\searchplugins\bing.xml
[2010.02.24 22:09:05 | 000,002,055 | ---- | M] () -- C:\Users\Turgut\AppData\Roaming\Mozilla\FireFox\Profiles\fo49jvy5.default\searchplugins\daemon-search.xml
[2010.03.12 12:48:59 | 000,002,272 | ---- | M] () -- C:\Users\Turgut\AppData\Roaming\Mozilla\FireFox\Profiles\fo49jvy5.default\searchplugins\google-und-download-suche.xml
[2010.03.25 14:01:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.13 22:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files (x86)\mozilla firefox\components\FFComm.dll
[2010.01.18 17:38:53 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.01.04 23:38:06 | 000,371,326 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 Proben bei 1000Gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12801 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ATI Technologies] C:\Users\Turgut\AppData\Roaming\ATI_disp.exe ()
O4:64bit: - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ATI Technologies] C:\Users\Turgut\AppData\Roaming\ATI_disp.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} hxxp://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Turgut\AppData\Roaming\ATI_disp.exe) - C:\Users\Turgut\AppData\Roaming\ATI_disp.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9943cfb6-2b35-11de-86a1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9943cfb6-2b35-11de-86a1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ab208af9-dcbc-11de-9fef-002268644e8b}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008.01.21 04:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008.01.21 04:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010.03.24 23:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike Source
[2010.03.24 23:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2010.03.24 21:50:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.24 21:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.03.24 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.03.24 16:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.03.24 14:12:08 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Unigine Heaven
[2010.03.24 12:18:40 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Desktop\Modified-Client_4.0
[2010.03.23 16:58:45 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.03.21 22:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.03.21 19:54:54 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.03.21 19:54:54 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.03.21 19:54:54 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.03.21 19:54:54 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.03.21 19:54:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.03.21 19:54:46 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.03.21 19:54:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.03.21 19:54:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.03.21 19:53:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.03.21 19:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.03.21 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Local\DNA
[2010.03.21 19:31:10 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\DNA
[2010.03.21 19:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DNA
[2010.03.20 20:21:47 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\TS3Client
[2010.03.20 20:21:42 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.03.19 14:36:17 | 000,000,000 | RH-D | C] -- C:\Users\Turgut\AppData\Roaming\SecuROM
[2010.03.19 14:36:14 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.03.19 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Documents\FIFA 08
[2010.03.18 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ
[2010.03.15 20:43:31 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.03.13 10:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2010.03.13 10:00:59 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\Ubisoft
[2010.03.12 15:04:51 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Desktop\Fantasymt
[2010.03.11 08:36:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010.03.11 08:36:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010.03.11 08:36:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010.03.11 08:36:33 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010.03.10 21:25:29 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.03.09 18:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.03.09 18:51:36 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\Malwarebytes
[2010.03.09 18:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.09 18:51:28 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.08 18:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.03.08 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\My Games
[2010.03.07 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Documents\My Games
[2010.03.07 14:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.03.07 12:46:01 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.03.07 12:46:00 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.03.07 12:45:58 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.03.07 12:45:57 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.03.07 12:45:55 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.03.07 12:45:25 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.03.07 12:45:25 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010.03.07 12:11:07 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\GetRightToGo
[2010.03.07 12:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.02.28 15:35:35 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\Dreamlords
[2010.02.28 13:36:39 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Local\PunkBuster
[2010.02.28 12:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010.02.27 20:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IEConfiguration1und1
[2010.02.27 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Local\PackageAware
[2010.02.25 20:00:03 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Documents\Remote Assistance Logs
[2010.02.25 19:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2010.02.25 19:06:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\TVUAx
[2010.02.25 19:05:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx
[2010.02.25 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Documents\Verlauf
[2010.02.24 22:24:48 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.02.24 22:24:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.02.24 22:23:58 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.02.24 22:23:58 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.02.24 22:23:57 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.02.24 22:23:57 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.02.24 22:23:56 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.02.24 22:23:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.02.24 22:23:56 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.02.24 22:23:56 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.02.24 22:23:55 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.02.24 22:23:55 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.02.24 22:23:55 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010.02.24 22:23:55 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.02.24 22:23:55 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.02.24 22:23:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.02.24 22:23:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.02.24 22:23:55 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.02.24 22:23:55 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.02.24 22:23:54 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010.02.24 22:23:44 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010.02.24 22:23:44 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010.02.24 22:23:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010.02.24 22:23:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.02.24 22:23:43 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010.02.24 22:23:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010.02.24 22:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010.02.24 22:08:05 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\DAEMON Tools Lite
[2010.02.24 22:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.02.11 21:59:22 | 002,901,328 | ---- | C] (Valve Corporation) -- C:\Users\Turgut\AppData\Roaming\Steam.dll

========== Files - Modified Within 30 Days ==========

[2010.03.25 16:27:02 | 009,175,040 | -HS- | M] () -- C:\Users\Turgut\ntuser.dat
[2010.03.25 16:25:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E73809B7-42D2-46E2-AC36-0672233513F9}.job
[2010.03.25 16:00:02 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.03.25 15:44:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.25 15:21:12 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.25 15:21:12 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.25 13:44:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.25 09:27:13 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.03.25 09:27:13 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.03.25 09:27:13 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.03.25 09:27:13 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.03.25 09:27:13 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.03.25 09:21:19 | 000,150,430 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.03.25 09:21:18 | 000,150,430 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.03.25 09:21:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.25 09:21:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.24 23:59:11 | 000,524,288 | -HS- | M] () -- C:\Users\Turgut\ntuser.dat{cb3bdab4-15c2-11df-b80c-002268644e8b}.TMContainer00000000000000000001.regtrans-ms
[2010.03.24 23:59:11 | 000,065,536 | -HS- | M] () -- C:\Users\Turgut\ntuser.dat{cb3bdab4-15c2-11df-b80c-002268644e8b}.TM.blf
[2010.03.24 23:58:59 | 001,479,757 | -H-- | M] () -- C:\Users\Turgut\AppData\Local\IconCache.db
[2010.03.24 23:32:26 | 000,001,876 | ---- | M] () -- C:\Users\Turgut\Desktop\Counter-Strike Source.lnk
[2010.03.24 23:08:14 | 000,001,680 | ---- | M] () -- C:\Users\Turgut\Desktop\Defraggler.lnk
[2010.03.24 23:07:06 | 000,001,726 | ---- | M] () -- C:\Users\Turgut\Desktop\CCleaner.lnk
[2010.03.24 22:20:25 | 000,162,716 | ---- | M] () -- C:\Users\Turgut\Desktop\Unbenannt.jpg
[2010.03.24 21:50:23 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.23 15:17:09 | 000,135,168 | ---- | M] () -- C:\Windows\Pjelaa.exe
[2010.03.21 19:46:24 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.03.21 10:45:29 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT
[2010.03.21 09:47:28 | 000,000,083 | ---- | M] () -- C:\Windows\CIV.INI
[2010.03.19 14:36:14 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.03.17 19:07:21 | 000,000,447 | ---- | M] () -- C:\Windows\win.ini
[2010.03.12 21:10:44 | 000,026,624 | ---- | M] () -- C:\Users\Turgut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.11 08:32:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.03.10 23:38:55 | 000,077,576 | ---- | M] () -- C:\Users\Turgut\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.10 23:37:59 | 000,328,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.10 21:25:28 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.03.09 20:28:47 | 000,000,025 | ---- | M] () -- C:\Windows\SIERRA.INI
[2010.03.09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.03.09 12:12:58 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.03.09 12:12:39 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.03.09 12:09:12 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.03.09 12:08:56 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.03.09 12:08:33 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.03.09 09:55:53 | 000,000,352 | ---- | M] () -- C:\Users\Turgut\Desktop\Turgut.lnk
[2010.03.09 09:25:06 | 000,001,014 | ---- | M] () -- C:\Users\Turgut\Desktop\JDownloader.lnk
[2010.03.08 18:24:09 | 000,000,104 | ---- | M] () -- C:\Users\Turgut\Desktop\Computer.lnk
[2010.03.07 18:19:29 | 000,005,632 | ---- | M] () -- C:\Windows\SysWow64\BReWErS.dll
[2010.03.07 15:19:13 | 000,001,286 | ---- | M] () -- C:\Users\Turgut\Desktop\R6Vegas2_Game - Verknüpfung.lnk
[2010.03.07 13:15:05 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.03.07 13:14:31 | 000,000,166 | ---- | M] () -- C:\Users\Turgut\Desktop\Papierkorb.lnk
[2010.03.07 12:46:01 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.07 12:24:21 | 000,000,819 | ---- | M] () -- C:\Users\Turgut\Desktop\Metin2.lnk
[2010.03.06 17:34:35 | 000,000,088 | ---- | M] () -- C:\Windows\nfsc_patch.ini
[2010.03.06 07:48:20 | 000,190,160 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.03.01 16:47:10 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll
[2010.02.28 13:14:24 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.02.24 22:08:36 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.02.24 10:26:46 | 000,294,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe

========== Files Created - No Company Name ==========

[2010.03.24 23:32:26 | 000,001,876 | ---- | C] () -- C:\Users\Turgut\Desktop\Counter-Strike Source.lnk
[2010.03.24 23:08:14 | 000,001,680 | ---- | C] () -- C:\Users\Turgut\Desktop\Defraggler.lnk
[2010.03.24 22:20:25 | 000,162,716 | ---- | C] () -- C:\Users\Turgut\Desktop\Unbenannt.jpg
[2010.03.24 21:50:23 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.24 21:07:04 | 000,367,432 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI35DC.txt
[2010.03.24 21:07:04 | 000,013,470 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI35DC.txt
[2010.03.24 21:07:04 | 000,012,850 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI35DD.txt
[2010.03.23 15:17:17 | 000,135,168 | ---- | C] () -- C:\Windows\Pjelaa.exe
[2010.03.21 19:46:24 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.03.17 14:21:10 | 000,921,632 | ---- | C] () -- C:\PA7302.DAT
[2010.03.12 13:02:26 | 000,000,083 | ---- | C] () -- C:\Windows\CIV.INI
[2010.03.10 23:31:44 | 000,367,438 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI5EB9.txt
[2010.03.10 23:31:44 | 000,015,162 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI5EB9.txt
[2010.03.10 21:58:13 | 000,406,064 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI1723.txt
[2010.03.10 21:58:12 | 000,015,112 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1723.txt
[2010.03.09 09:55:53 | 000,000,352 | ---- | C] () -- C:\Users\Turgut\Desktop\Turgut.lnk
[2010.03.09 09:25:06 | 000,001,014 | ---- | C] () -- C:\Users\Turgut\Desktop\JDownloader.lnk
[2010.03.08 18:24:09 | 000,000,104 | ---- | C] () -- C:\Users\Turgut\Desktop\Computer.lnk
[2010.03.07 15:19:13 | 000,001,286 | ---- | C] () -- C:\Users\Turgut\Desktop\R6Vegas2_Game - Verknüpfung.lnk
[2010.03.07 14:48:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\BReWErS.dll
[2010.03.07 12:46:01 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.07 12:45:30 | 000,370,626 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI05B4.txt
[2010.03.07 12:45:29 | 000,011,474 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI05B4.txt
[2010.03.07 12:24:21 | 000,000,819 | ---- | C] () -- C:\Users\Turgut\Desktop\Metin2.lnk
[2010.03.07 12:02:06 | 000,441,568 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI6480.txt
[2010.03.07 12:02:06 | 000,011,714 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI6480.txt
[2010.03.06 17:34:35 | 000,000,088 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2010.02.28 13:37:07 | 000,190,160 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.02.28 13:14:24 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.02.24 22:09:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.02.10 21:00:26 | 000,093,696 | ---- | C] () -- C:\Users\Turgut\AppData\Roaming\ATI_disp.exe
[2010.02.10 20:28:01 | 000,404,326 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI4663.txt
[2010.02.10 20:28:01 | 000,011,144 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI4663.txt
[2010.02.09 18:41:12 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Remover.ini
[2010.01.29 20:31:56 | 000,010,574 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1FCA.txt
[2010.01.29 20:31:55 | 000,365,732 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI1FC7.txt
[2010.01.29 20:31:55 | 000,011,162 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1FC7.txt
[2010.01.29 20:24:22 | 000,010,654 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1A00.txt
[2010.01.29 20:24:21 | 000,366,500 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI19FC.txt
[2010.01.29 20:24:21 | 000,011,194 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI19FC.txt
[2010.01.29 20:04:12 | 000,355,648 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI0A8A.txt
[2010.01.29 20:04:12 | 000,010,574 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI0A90.txt
[2010.01.29 20:04:10 | 000,011,418 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI0A8A.txt
[2009.12.29 20:47:58 | 000,026,624 | ---- | C] () -- C:\Users\Turgut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 17:31:21 | 000,003,318 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI1E96.txt
[2009.12.24 11:36:04 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.11.27 12:30:20 | 001,712,128 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2009.11.21 12:01:13 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\nocashio.sys
[2009.11.10 23:00:10 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\autoscan4.dll
[2009.11.10 21:28:00 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2009.10.02 20:56:44 | 001,448,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.15 13:27:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.05.29 19:05:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 19:05:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.05.26 19:23:00 | 000,150,430 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.26 19:23:00 | 000,150,430 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.25 21:13:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.25 18:15:13 | 000,000,117 | ---- | C] () -- C:\Windows\wininit.ini
[2009.04.17 11:09:23 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.13 21:08:35 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.03.20 16:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini
[2006.10.27 13:52:34 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP7311.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Driver Backup 6-11-2009-134253\IDE-Kanal#1\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Driver Backup 6-11-2009-134253\IDE-Kanal\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Driver Backup 6-11-2009-134253\Standard-Zweikanal-PCI-IDE-Controller\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Driver Backup 6-11-2009-143942\IDE-Kanal#1\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Driver Backup 6-11-2009-143942\IDE-Kanal\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Driver Backup 6-11-2009-143942\Standard-Zweikanal-PCI-IDE-Controller\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP

FC5A2B2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Larusso · 25.03.2010, 17:09

Well done

schritt 1

P2P-Filesharing
P2P-Programme sind an sich saubere Programme, jedoch weißt Du niemals was Du von wo herunterlädst. Programme aus Filesharing-Börsen stammen meist aus unsicheren Quellen und da sie häufig verseucht sind, rate ich Dir auch in Zukunft davon ab. Außerdem kann es Dich zu eventuell illegalen Handlungen verleiten, z. B. die Nutzung von Raubkopien.

schritt 2

Deinstalliere bitte
DVDVideoSoft Toolbar (Adware)
Google Update Helper (falls nicht benötigt)

schritt 3

Fixen mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
SRV - [2009.05.25 16:42:42 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
[2010.03.18 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Run Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

schritt 4

Lass OTL erneut laufen.

Bitte poste in Deiner nächsten Antwort
Log von OTL fix
OTL.txt
Berichte wie der Rechner läuft

xplayax11 · 25.03.2010, 17:58

All processes killed
========== OTL ==========
Service Partner Service stopped successfully!
Service Partner Service deleted successfully!
C:\ProgramData\Partner\partner.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Folder move failed. C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ\ZZZZZZZ scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcm

User: Public

User: Turgut
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8770962 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55079820 bytes
->Flash cache emptied: 4042 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68272 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4144535 bytes

Total Files Cleaned = 65,00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03252010_174446

Files\Folders moved on Reboot...
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ\ZZZZZZZ folder moved successfully.
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ folder moved successfully.
C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ folder moved successfully.

Registry entries deleted on Reboot...

Larusso · 25.03.2010, 19:01

und die OTL.txt ?

xplayax11 · 25.03.2010, 20:13

is doch dass

Larusso · 25.03.2010, 21:40

Zitat:

schritt 4

Lass OTL erneut laufen.

Ich sehe keine neue OTL.txt.
Ich meinte OTL starten, Quickscan Button drücken und die neue Logfile posten.

xplayax11 · 25.03.2010, 23:13

OTL logfile created on: 25.03.2010 23:06:57 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Turgut\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 851,05 Gb Free Space | 92,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCM-PC
Current User Name: Turgut
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.03.25 23:06:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Turgut\Downloads\OTL.exe
PRC - [2010.03.23 15:33:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.03.21 19:31:10 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2010.03.15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010.03.11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2010.03.09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.09 09:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010.01.07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.01.07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009.11.20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.11.16 12:45:30 | 001,401,160 | ---- | M] (TuneUp Software) -- C:\Program Files (x86)\TuneUp Utilities 2009\Integrator.exe
PRC - [2009.09.30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009.07.26 16:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.18 10:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008.09.18 10:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWOW64\HidService.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\PAC7302\Monitor.exe

========== Modules (SafeList) ==========

MOD - [2010.03.25 23:06:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Turgut\Downloads\OTL.exe
MOD - [2009.10.30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctgmhk.dll
MOD - [2009.04.10 22:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.01.03 20:42:21 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2010.01.03 20:42:09 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.11.16 12:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.09.25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.03.30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysNative\HidService.exe -- (GenericHidService)
SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (ezSharedSvc)
SRV - [2010.03.15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.11.20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.03.29 20:39:56 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.13 21:17:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.05.29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysWow64\HidService.exe -- (GenericHidService)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2006.11.02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 60 1F BE 57 7F CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100314

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.03.23 15:33:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.03.23 15:33:03 | 000,000,000 | ---D | M]

[2009.10.17 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Extensions
[2010.03.25 16:45:37 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions
[2009.10.17 11:36:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.28 13:29:01 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010.03.25 16:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.25 16:45:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}-trash
[2010.02.27 20:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.02.28 13:29:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.28 12:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.13 08:53:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.11.26 18:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010.02.27 20:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.03.15 12:51:19 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.01 13:37:16 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\battlefieldheroespatcher@ea.com
[2009.11.21 14:58:19 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\fdm_ffext@freedownloadmanager.org
[2010.02.25 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\firefox@tvunetworks.com
[2010.03.15 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\nasanightlaunch@example.com
[2010.03.25 15:10:15 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\mozilla\Firefox\Profiles\fo49jvy5.default\extensions\staged-xpis
[2009.11.20 21:09:20 | 000,002,171 | ---- | M] () -- C:\Users\Turgut\AppData\Roaming\Mozilla\FireFox\Profiles\fo49jvy5.default\searchplugins\bing.xml
[2010.02.24 22:09:05 | 000,002,055 | ---- | M] () -- C:\Users\Turgut\AppData\Roaming\Mozilla\FireFox\Profiles\fo49jvy5.default\searchplugins\daemon-search.xml
[2010.03.12 12:48:59 | 000,002,272 | ---- | M] () -- C:\Users\Turgut\AppData\Roaming\Mozilla\FireFox\Profiles\fo49jvy5.default\searchplugins\google-und-download-suche.xml
[2010.03.25 16:45:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.13 22:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files (x86)\mozilla firefox\components\FFComm.dll
[2010.01.18 17:38:53 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.01.04 23:38:06 | 000,371,326 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 Proben bei 1000Gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12801 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [ATI Technologies] C:\Users\Turgut\AppData\Roaming\ATI_disp.exe ()
O4:64bit: - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ATI Technologies] C:\Users\Turgut\AppData\Roaming\ATI_disp.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} hxxp://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Turgut\AppData\Roaming\ATI_disp.exe) - C:\Users\Turgut\AppData\Roaming\ATI_disp.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9943cfb6-2b35-11de-86a1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9943cfb6-2b35-11de-86a1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ab208af9-dcbc-11de-9fef-002268644e8b}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.25 20:55:03 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Desktop\CSS
[2010.03.25 20:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010.03.25 20:19:29 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\uTorrent
[2010.03.25 19:54:15 | 000,000,000 | ---D | C] -- C:\Download
[2010.03.25 19:54:07 | 000,000,000 | ---D | C] -- C:\Nexon
[2010.03.25 17:44:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.25 17:42:25 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Local\Threat Expert
[2010.03.25 16:55:24 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.03.25 16:55:24 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.03.25 16:55:24 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.03.25 16:53:29 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010.03.25 16:53:29 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010.03.25 16:53:19 | 000,230,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010.03.25 16:53:03 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010.03.25 16:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010.03.25 16:52:53 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\PC Tools
[2010.03.25 16:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.03.25 16:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.03.24 23:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2010.03.24 21:50:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.24 21:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.03.24 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.03.24 16:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.03.24 14:12:08 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Unigine Heaven
[2010.03.24 12:18:40 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Desktop\Modified-Client_4.0
[2010.03.23 16:58:45 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.03.21 22:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.03.21 19:53:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.03.21 19:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.03.21 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Local\DNA
[2010.03.21 19:31:10 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\DNA
[2010.03.21 19:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DNA
[2010.03.20 20:21:47 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\TS3Client
[2010.03.19 14:36:17 | 000,000,000 | RH-D | C] -- C:\Users\Turgut\AppData\Roaming\SecuROM
[2010.03.19 14:36:14 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.03.19 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Documents\FIFA 08
[2010.03.13 10:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2010.03.13 10:00:59 | 000,000,000 | ---D | C] -- C:\Users\Turgut\AppData\Roaming\Ubisoft
[2010.03.12 15:04:51 | 000,000,000 | ---D | C] -- C:\Users\Turgut\Desktop\Fantasymt
[2010.02.11 21:59:22 | 002,901,328 | ---- | C] (Valve Corporation) -- C:\Users\Turgut\AppData\Roaming\Steam.dll

========== Files - Modified Within 14 Days ==========

[2010.03.25 23:11:15 | 009,175,040 | -HS- | M] () -- C:\Users\Turgut\ntuser.dat
[2010.03.25 23:10:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E73809B7-42D2-46E2-AC36-0672233513F9}.job
[2010.03.25 23:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.03.25 22:44:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.25 22:08:13 | 000,000,638 | ---- | M] () -- C:\Users\Turgut\Desktop\Counter-Strike Source - Verknüpfung.lnk
[2010.03.25 22:00:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.25 22:00:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.25 20:20:12 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.03.25 20:07:26 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.03.25 20:07:26 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.03.25 20:07:26 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.03.25 20:07:26 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.03.25 20:07:26 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.03.25 20:03:23 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2010.03.25 20:01:04 | 000,150,430 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.03.25 20:01:04 | 000,150,430 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.03.25 20:00:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.25 20:00:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.25 20:00:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.25 19:59:20 | 000,524,288 | -HS- | M] () -- C:\Users\Turgut\ntuser.dat{cb3bdab4-15c2-11df-b80c-002268644e8b}.TMContainer00000000000000000001.regtrans-ms
[2010.03.25 19:59:20 | 000,065,536 | -HS- | M] () -- C:\Users\Turgut\ntuser.dat{cb3bdab4-15c2-11df-b80c-002268644e8b}.TM.blf
[2010.03.25 19:59:05 | 002,359,955 | -H-- | M] () -- C:\Users\Turgut\AppData\Local\IconCache.db
[2010.03.25 16:53:11 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.24 23:08:14 | 000,001,680 | ---- | M] () -- C:\Users\Turgut\Desktop\Defraggler.lnk
[2010.03.24 23:07:06 | 000,001,726 | ---- | M] () -- C:\Users\Turgut\Desktop\CCleaner.lnk
[2010.03.24 21:50:23 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.23 15:17:09 | 000,135,168 | ---- | M] () -- C:\Windows\Pjelaa.exe
[2010.03.21 10:45:29 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT
[2010.03.21 09:47:28 | 000,000,083 | ---- | M] () -- C:\Windows\CIV.INI
[2010.03.19 14:36:14 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.03.17 19:07:21 | 000,000,447 | ---- | M] () -- C:\Windows\win.ini
[2010.03.12 21:10:44 | 000,026,624 | ---- | M] () -- C:\Users\Turgut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010.03.25 22:08:13 | 000,000,638 | ---- | C] () -- C:\Users\Turgut\Desktop\Counter-Strike Source - Verknüpfung.lnk
[2010.03.25 20:20:12 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.03.25 16:55:25 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.03.25 16:55:24 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.03.25 16:55:24 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.03.25 16:55:24 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.03.25 16:55:24 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.03.25 16:53:29 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010.03.25 16:53:19 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010.03.25 16:53:11 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.25 16:53:03 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010.03.25 16:52:58 | 000,012,986 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI4183.txt
[2010.03.25 16:52:57 | 000,367,252 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI417A.txt
[2010.03.25 16:52:55 | 000,013,606 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI417A.txt
[2010.03.24 23:08:14 | 000,001,680 | ---- | C] () -- C:\Users\Turgut\Desktop\Defraggler.lnk
[2010.03.24 21:50:23 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.24 21:07:04 | 000,367,432 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI35DC.txt
[2010.03.24 21:07:04 | 000,013,470 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI35DC.txt
[2010.03.24 21:07:04 | 000,012,850 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI35DD.txt
[2010.03.23 15:17:17 | 000,135,168 | ---- | C] () -- C:\Windows\Pjelaa.exe
[2010.03.17 14:21:10 | 000,921,632 | ---- | C] () -- C:\PA7302.DAT
[2010.03.12 13:02:26 | 000,000,083 | ---- | C] () -- C:\Windows\CIV.INI
[2010.03.10 23:31:44 | 000,367,438 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI5EB9.txt
[2010.03.10 23:31:44 | 000,015,162 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI5EB9.txt
[2010.03.10 21:58:13 | 000,406,064 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI1723.txt
[2010.03.10 21:58:12 | 000,015,112 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1723.txt
[2010.03.07 14:48:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\BReWErS.dll
[2010.03.07 12:45:30 | 000,370,626 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI05B4.txt
[2010.03.07 12:45:29 | 000,011,474 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI05B4.txt
[2010.03.07 12:02:06 | 000,441,568 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI6480.txt
[2010.03.07 12:02:06 | 000,011,714 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI6480.txt
[2010.03.06 17:34:35 | 000,000,088 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2010.02.10 21:00:26 | 000,093,696 | ---- | C] () -- C:\Users\Turgut\AppData\Roaming\ATI_disp.exe
[2010.02.10 20:28:01 | 000,404,326 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI4663.txt
[2010.02.10 20:28:01 | 000,011,144 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI4663.txt
[2010.02.09 18:41:12 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Remover.ini
[2010.01.29 20:31:56 | 000,010,574 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1FCA.txt
[2010.01.29 20:31:55 | 000,365,732 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI1FC7.txt
[2010.01.29 20:31:55 | 000,011,162 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1FC7.txt
[2010.01.29 20:24:22 | 000,010,654 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI1A00.txt
[2010.01.29 20:24:21 | 000,366,500 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI19FC.txt
[2010.01.29 20:24:21 | 000,011,194 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI19FC.txt
[2010.01.29 20:04:12 | 000,355,648 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI0A8A.txt
[2010.01.29 20:04:12 | 000,010,574 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI0A90.txt
[2010.01.29 20:04:10 | 000,011,418 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistUI0A8A.txt
[2009.12.29 20:47:58 | 000,026,624 | ---- | C] () -- C:\Users\Turgut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 17:31:21 | 000,003,318 | ---- | C] () -- C:\Users\Turgut\AppData\Local\dd_vcredistMSI1E96.txt
[2009.12.24 11:36:04 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.11.27 12:30:20 | 001,712,128 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2009.11.21 12:01:13 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\nocashio.sys
[2009.11.10 23:00:10 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\autoscan4.dll
[2009.11.10 21:28:00 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2009.10.02 20:56:44 | 001,448,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.15 13:27:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.05.29 19:05:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 19:05:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.05.26 19:23:00 | 000,150,430 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.26 19:23:00 | 000,150,430 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.25 21:13:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.25 18:15:13 | 000,000,117 | ---- | C] () -- C:\Windows\wininit.ini
[2009.04.17 11:09:23 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.13 21:08:35 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.03.20 16:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini
[2006.10.27 13:52:34 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP7311.ini

========== LOP Check ==========

[2009.11.14 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\AeroSnapApp
[2010.02.14 18:04:58 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Azureus
[2009.11.20 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\BitDefender
[2010.02.11 21:59:00 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Canneverbe Limited
[2009.10.17 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Canneverbe_Limited
[2009.12.26 12:35:04 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Charles
[2010.02.24 22:14:34 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\DAEMON Tools Lite
[2009.11.10 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\DAEMON Tools Pro
[2010.03.25 23:11:21 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\DNA
[2010.02.28 15:42:26 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Dreamlords
[2010.03.07 12:14:12 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\GetRightToGo
[2009.12.27 21:08:36 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\GrabPro
[2009.11.03 18:18:21 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\install
[2009.12.28 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Leadertech
[2009.10.25 21:14:28 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Mount&Blade
[2010.03.08 18:17:24 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\My Games
[2009.10.17 14:34:09 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Nokia
[2010.01.24 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Opera
[2009.12.27 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Orbit
[2009.11.22 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\PC Suite
[2009.11.06 18:31:24 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Sierra
[2010.02.10 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Spy-Net
[2010.02.06 12:56:16 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\TeamViewer
[2010.03.20 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\TS3Client
[2009.10.17 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\TuneUp Software
[2010.03.13 10:00:59 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Ubisoft
[2010.01.03 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\Uniblue
[2010.03.25 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\Turgut\AppData\Roaming\uTorrent
[2010.03.25 23:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.03.25 19:59:12 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.03.25 23:10:00 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E73809B7-42D2-46E2-AC36-0672233513F9}.job

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >

< SRV - [2009.05.25 16:42:42 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service) >

< IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) >

< IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) >

< O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) >

< O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) >

< [2010.03.18 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZZZZZZZZZZZZZZZZZZZZZ >

< :Commands >

< [purity] >

< [emptytemp] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 301 bytes -> C:\ProgramData\TEMP

FC5A2B2
@Alternate Data Stream - 287 bytes -> C:\ProgramData\TEMP

FC5A2B2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Larusso · 26.03.2010, 14:40

Noch Probleme ?

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Signaturen werden heruntergeladen.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

cosinus · 26.03.2010, 14:43

Ich mich mich ja nur ungern ein ab das hier

C:\Windows\Pjelaa.exe

sieht komisch aus und eine Auswertung bei Virustotal würde mich mal interessieren

25.03.2010, 19:01	#10
Larusso /// Selecta Jahrusso	fehler meldungen mit .exe datein und die OTL.txt ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

26.03.2010, 14:43	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	fehler meldungen mit .exe datein Ich mich mich ja nur ungern ein ab das hier C:\Windows\Pjelaa.exe sieht komisch aus und eine Auswertung bei Virustotal würde mich mal interessieren __________________ Logfiles bitte immer in CODE-Tags posten

fehler meldungen mit .exe datein

Log-Analyse und Auswertung: fehler meldungen mit .exe datein