Pests of all kinds and how to fight them: I have a Malware.Trace (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
24.06.2010, 15:27 | #1 |
| Hi, I have had a problem for a few days: whenever I start the PC, several windows appear that ask me something. If I answer yes, an activator for Office appears. If I answer no, nothing more appears, but the same thing comes up at the next start. Right after that, a message from Malwarebytes' Anti-Malware (version 1.46) appears saying that I have a Malware.Trace on my PC, and I can also see which file it is. The file is in my Temp folder and is called "XxX.xXx". I found this file and noticed that it renews itself every second. If I delete it, it comes right back. Now a second file has appeared, called "UuU.uUu". And it is the same with that one. If I start the PC in safe mode, these files can be deleted, but they come back after a restart. For whatever reason, I can only restore the system back to yesterday, i.e. I still have the virus on it. I hope you can help me so that I don't have to reinstall Windows. Thanks in advance |
24.06.2010, 15:33 | #2 |
/// Malware-holic | OTL:
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    ws2ifsl.sys
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both |
24.06.2010, 15:55 | #3 |
Banned | OK, sorry, I wanted to try it again here.
Edited by ali-king (24.06.2010 at 16:05) |
24.06.2010, 15:56 | #4 |
Banned | OK, sorry, I wanted to try it again here. Edited by ali-king (24.06.2010 at 16:04) |
24.06.2010, 16:00 | #5 |
/// Malware-holic | You already got your answer in the other thread, I think. |
24.06.2010, 16:06 | #6 |
| OK, I am done and am posting the results; sorry, it took a long time. Here is the OTL.txt now: OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.06.2010 16:35:26 - Run 2 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alihan\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 41,00% Memory free 8,00 Gb Paging File | 5,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 319,28 Gb Total Space | 56,18 Gb Free Space | 17,59% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KANYE_WEST Current User Name: Alihan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Alihan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Games\Just Cause 2\Just Cause 2\JustCause2.exe (Avalanche Studios) PRC - C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe (SlySoft Inc.) 
PRC - C:\Users\Alihan\AppData\Roaming\BitTorrentBooster\BTBMonitor.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.) PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) PRC - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\Silvercrest MTS2218 driver\KMProcess.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Silvercrest MTS2218 driver\KMConfig.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Silvercrest MTS2218 driver\StartAutorun.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Silvercrest MTS2218 driver\KMWDSrv.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Alihan\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Users\Alihan\AppData\Local\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) 
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (GJService) -- C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe (SlySoft Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (Windows7FirewallService) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Silvercrest MTS2218 driver\KMWDSrv.exe (UASSOFT.COM) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (MaplomL) -- C:\Windows\SysNative\drivers\maploml.sys (SlySoft Inc.) DRV:64bit: - (Maplom) -- C:\Windows\SysNative\drivers\maplom.sys (SlySoft Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.) 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech ) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.) DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.) DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.) 
DRV - (KLIF) -- C:\Windows\KLIF.spi () DRV - (WinVd32) -- C:\Windows\WinVd32.sys () DRV - (WinFLdrv) -- C:\Windows\SysWOW64\WinFLdrv.sys () DRV - (CSC) -- C:\Windows\CSC [2009.11.26 15:24:49 | 000,000,000 | ---D | M] DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (RushTopDevice2) -- C:\Program Files (x86)\MSI\DualCoreCenter\RushTop64.sys (Your Corporation) DRV - (DualCoreCenter) -- C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys (MICRO-STAR INT'L CO., LTD.) DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation) DRV - (FLASHSYS) -- C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys () DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG) DRV - (DynCal) -- C:\Windows\SysWOW64\drivers\Dyncal.sys (Ruling Technologies) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysWOW64\drivers\usbaudio.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.webaslan.com/bing IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page 
Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 1F 3D 23 16 CD CA 01 [binary data] IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {3e4de160-d88d-11d9-8cd5-0800200c9a66}:0.6.2 FF - prefs.js..network.proxy.no_proxies_on: "local" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.24 12:29:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.24 12:29:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.06.24 13:06:05 | 000,000,000 
| ---D | M] [2010.03.27 16:44:05 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\mozilla\Extensions [2010.06.24 13:36:22 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\mozilla\Firefox\Profiles\0pw1ps50.default\extensions [2010.05.12 19:57:53 | 000,000,000 | ---D | M] (Simpler Blue) -- C:\Users\Alihan\AppData\Roaming\mozilla\Firefox\Profiles\0pw1ps50.default\extensions\{3e4de160-d88d-11d9-8cd5-0800200c9a66} [2010.06.20 19:41:34 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Alihan\AppData\Roaming\mozilla\Firefox\Profiles\0pw1ps50.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.05.12 14:54:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alihan\AppData\Roaming\mozilla\Firefox\Profiles\0pw1ps50.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.12 14:56:41 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\mozilla\Firefox\Profiles\0pw1ps50.default\extensions\elemhidehelper@adblockplus.org [2010.04.28 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\mozilla\Firefox\Profiles\0pw1ps50.default\extensions\firefox@tvunetworks.com [2010.06.24 13:36:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.21 15:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.24 13:36:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.06.12 03:24:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.06.12 03:24:05 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.06.12 03:24:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.06.12 03:24:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.06.12 03:24:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.24 13:50:32 | 000,409,104 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O1 - Hosts: 127.0.0.1 uat-onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 wsuplay.ubi.com O1 - Hosts: 127.0.0.1 static8.cdn.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 gconnect.ubi.com O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 14143 more lines... 
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.) 
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HKLM] C:\Users\Alihan\AppData\Roaming\default\svchost.exe (uOTcRxGGFK) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files (x86)\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001..\Run: [BTBMonitor] C:\Users\Alihan\AppData\Roaming\BitTorrentBooster\BTBMonitor.exe () O4 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found O4 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001..\Run: [HKCU] C:\Users\Alihan\AppData\Roaming\default\svchost.exe (uOTcRxGGFK) O4 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\Alihan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Alihan\AppData\Roaming\default\svchost.exe (uOTcRxGGFK) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Alihan\AppData\Roaming\default\svchost.exe (uOTcRxGGFK) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\..Trusted Domains: bambusratte.com ([]https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1252996294-1508575227-4102593622-1001\..Trusted Domains: com.tw ([www.msi] http in Vertrauenswürdige Sites) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWow64\DreamScene.dll File not found
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6dd5f4b0-7c37-11df-b17f-002421085b49}\Shell - "" = AutoRun
O33 - MountPoints2\{6dd5f4b0-7c37-11df-b17f-002421085b49}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bece8110-e636-11de-8587-002421085b49}\Shell - "" = AutoRun
O33 - MountPoints2\{bece8110-e636-11de-8587-002421085b49}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DualCoreCenter.lnk - C:\PROGRA~2\MSI\DUALCO~1\STARTU~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk - C:\PROGRA~2\MIF5BA~1\Office14\OFFICE~1\OFFICE~2.EXE - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: amd_dc_opt - hkey= - key= - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: Bittorrentbooster - hkey= - key= - C:\Benutzer\Alihan\AppData\Roaming\BitTorrentBooster\BitTorrentBooster.exe File not found
MsConfig:64bit - StartUpReg: Canaveral - hkey= - key= - C:\Windows\SysNative\sshnas21.DLL File not found
MsConfig:64bit - StartUpReg: DelReg - hkey= - key= - C:\Program Files (x86)\MSI\DualCoreCenter\DelReg.exe ()
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winampx\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{47FFA9CE-F532-4511-A497-5549635590A2} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2K76EQS3-78GQ-M84G-111J-FF8TA6NW2WCQ} - C:\Users\Alihan\AppData\Roaming\default\svchost.exe
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2010.06.24 14:44:37 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alihan\Desktop\OTL.exe
[2010.06.24 13:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.24 13:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.06.24 13:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.06.24 13:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.06.24 13:05:27 | 000,560,216 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.06.24 12:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.06.23 19:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010.06.23 19:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.06.23 19:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010.06.23 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010.06.23 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010.06.23 19:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010.06.23 19:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TFM
[2010.06.23 19:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.06.23 18:23:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.06.23 17:34:17 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\subinacl.exe
[2010.06.23 17:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2010.06.23 15:19:09 | 000,000,000 | ---D | C] -- C:\161fc6aeeb37199e4b1b8f73a50a2c
[2010.06.23 15:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2010.06.23 14:35:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.23 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.22 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aixcoustic
[2010.06.22 16:50:23 | 000,000,000 | ---D | C] -- C:\Users\Alihan\AppData\Roaming\MAXON
[2010.06.21 15:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.06.21 15:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.06.21 15:06:16 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.21 15:06:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.21 15:06:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.21 15:06:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.06.20 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\Alihan\Desktop\Prince of Persia The Forgotten Sands
[2010.06.20 16:50:13 | 000,000,000 | ---D | C] -- C:\Python26
[2010.06.20 12:37:49 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.06.17 15:42:56 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.06.17 15:42:56 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.06.17 15:42:56 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.06.17 15:42:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.06.17 15:42:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.06.17 15:42:55 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.06.17 15:42:55 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.06.17 15:42:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.06.15 04:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010.06.15 04:16:22 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010.06.13 12:59:12 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.06.13 12:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DkZ Studio
[2010.06.13 12:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\DkZ Studio
[2010.06.12 19:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PES 2010 Editor
[2010.06.11 18:58:26 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.11 18:58:26 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.11 18:58:26 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.11 18:58:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.10 17:28:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2010.06.10 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2010.06.07 19:29:08 | 000,000,000 | ---D | C] -- C:\Users\Alihan\AppData\Roaming\bizarre creations
[2010.06.07 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAMN NFO Viewer
[2010.06.05 19:14:08 | 000,000,000 | ---D | C] -- C:\Users\Alihan\AppData\Local\ChromeKit
[2010.06.05 19:14:07 | 000,000,000 | ---D | C] -- C:\Users\Alihan\.mobione
[2010.06.05 19:12:58 | 000,000,000 | ---D | C] -- C:\Users\Alihan\AppData\Local\Genuitec
[2010.06.03 22:30:14 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\DreamScene.dll
[2010.06.03 22:21:44 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2010.06.03 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Alihan\AppData\Roaming\Publish Providers
[2010.06.03 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\Alihan\AppData\Roaming\Sony
[2010.06.03 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\Alihan\AppData\Local\Sony
[2010.06.03 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.06.03 21:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010.06.01 16:19:14 | 000,000,000 | ---D | C] -- C:\Users\Alihan\Documents\Drakensang
[2010.05.29 17:28:27 | 000,000,000 | ---D | C] -- C:\Users\Alihan\Documents\Games for Windows - LIVE Demos
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.06.24 16:37:40 | 009,437,184 | -HS- | M] () -- C:\Users\Alihan\ntuser.dat
[2010.06.24 16:35:24 | 000,002,942 | ---- | M] () -- C:\Users\Alihan\AppData\Roaming\cglogs.dat
[2010.06.24 15:40:15 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\SysWow64\rmc_fixasf.exe
[2010.06.24 15:40:14 | 000,237,568 | ---- | M] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010.06.24 15:25:32 | 000,000,622 | -HS- | M] () -- C:\Windows\KLIF.spi
[2010.06.24 14:44:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alihan\Desktop\OTL.exe
[2010.06.24 14:18:53 | 000,019,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.24 14:18:52 | 000,019,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.24 14:13:31 | 000,000,084 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.06.24 14:13:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.24 14:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.24 14:13:15 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.24 13:50:32 | 000,409,104 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.06.24 13:19:31 | 000,001,286 | ---- | M] () -- C:\Users\Alihan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.06.24 13:19:31 | 000,001,262 | ---- | M] () -- C:\Users\Alihan\Desktop\Spybot - Search & Destroy.lnk
[2010.06.24 13:07:03 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.06.24 13:07:03 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.06.24 13:05:27 | 000,560,216 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.06.24 13:02:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2010.06.24 12:59:16 | 000,524,288 | -HS- | M] () -- C:\Users\Alihan\ntuser.dat{9332c0dd-7f7a-11df-bdee-b04a2b6c9b7f}.TMContainer00000000000000000002.regtrans-ms
[2010.06.24 12:59:16 | 000,524,288 | -HS- | M] () -- C:\Users\Alihan\ntuser.dat{9332c0dd-7f7a-11df-bdee-b04a2b6c9b7f}.TMContainer00000000000000000001.regtrans-ms
[2010.06.24 12:59:16 | 000,065,536 | -HS- | M] () -- C:\Users\Alihan\ntuser.dat{9332c0dd-7f7a-11df-bdee-b04a2b6c9b7f}.TM.blf
[2010.06.24 12:40:45 | 000,079,336 | ---- | M] () -- C:\Users\Alihan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.24 12:32:13 | 002,929,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.23 18:01:04 | 001,056,768 | ---- | M] () -- C:\Users\Alihan\defltbase.sdb
[2010.06.23 17:59:02 | 000,000,475 | ---- | M] () -- C:\Windows\win.ini
[2010.06.23 16:45:37 | 004,767,338 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.23 16:45:37 | 002,072,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.23 16:45:37 | 001,522,520 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.23 16:45:37 | 001,457,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.23 16:45:37 | 000,005,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.23 16:42:54 | 000,001,285 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100624-135032.backup
[2010.06.22 16:22:46 | 000,017,408 | ---- | M] () -- C:\Users\Alihan\AppData\Local\WebpageIcons.db
[2010.06.15 04:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010.06.15 04:16:22 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010.06.10 17:28:39 | 000,000,957 | ---- | M] () -- C:\Users\Alihan\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2010.06.03 21:56:16 | 000,002,608 | ---- | M] () -- C:\Users\Alihan\Documents\Vegas Pro registrieren.htm
[2010.06.03 17:19:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.03 17:19:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.05.27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.05.27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.06.24 16:12:39 | 000,002,942 | ---- | C] () -- C:\Users\Alihan\AppData\Roaming\cglogs.dat
[2010.06.24 14:18:53 | 000,000,622 | -HS- | C] () -- C:\Windows\KLIF.spi
[2010.06.24 13:19:31 | 000,001,286 | ---- | C] () -- C:\Users\Alihan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.06.24 13:19:31 | 000,001,262 | ---- | C] () -- C:\Users\Alihan\Desktop\Spybot - Search & Destroy.lnk
[2010.06.24 13:07:03 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.06.24 13:07:03 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.06.24 12:40:21 | 000,524,288 | -HS- | C] () -- C:\Users\Alihan\ntuser.dat{9332c0dd-7f7a-11df-bdee-b04a2b6c9b7f}.TMContainer00000000000000000002.regtrans-ms
[2010.06.24 12:40:21 | 000,524,288 | -HS- | C] () -- C:\Users\Alihan\ntuser.dat{9332c0dd-7f7a-11df-bdee-b04a2b6c9b7f}.TMContainer00000000000000000001.regtrans-ms
[2010.06.24 12:40:21 | 000,065,536 | -HS- | C] () -- C:\Users\Alihan\ntuser.dat{9332c0dd-7f7a-11df-bdee-b04a2b6c9b7f}.TM.blf
[2010.06.23 18:01:03 | 001,056,768 | ---- | C] () -- C:\Users\Alihan\defltbase.sdb
[2010.06.10 17:28:39 | 000,000,957 | ---- | C] () -- C:\Users\Alihan\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2010.06.03 21:56:16 | 000,002,608 | ---- | C] () -- C:\Users\Alihan\Documents\Vegas Pro registrieren.htm
[2010.05.09 12:29:19 | 000,000,325 | ---- | C] () -- C:\Windows\w32dasm8.ini
[2010.04.20 16:42:20 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.01 17:56:18 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2010.01.17 19:49:34 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.01.17 10:49:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.01.13 18:26:30 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010.01.06 17:34:59 | 000,005,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.22 14:59:09 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2009.12.15 18:05:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.12.12 14:14:41 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2009.12.12 14:14:41 | 000,021,888 | ---- | C] () -- C:\Windows\SysWow64\WinFLdrv.sys
[2009.11.26 17:00:47 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys
[2007.03.03 05:38:04 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\gc.dll

========== LOP Check ==========
[2009.12.12 14:30:27 | 000,000,000 | -HSD | M] -- C:\Users\Alihan\AppData\Roaming\.#
[2010.01.06 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\2K Sports
[2010.05.25 12:16:14 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Acoustica
[2010.05.25 12:06:33 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Antares
[2010.01.02 01:41:01 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\AnvSoft
[2009.12.24 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Audacity
[2010.06.24 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\BitTorrent
[2009.12.30 15:05:08 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\BitTorrentBooster
[2010.06.07 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\bizarre creations
[2010.05.11 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Bump Technologies, Inc
[2009.11.26 17:32:33 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\DAEMON Tools Pro
[2005.09.09 11:36:51 | 000,000,000 | RHSD | M] -- C:\Users\Alihan\AppData\Roaming\default
[2009.12.17 16:16:02 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\hdbADS
[2009.12.22 13:44:54 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\ICQ
[2009.12.07 14:12:44 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\ImgBurn
[2009.11.29 00:06:53 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Leadertech
[2010.01.19 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\LG Electronics
[2010.06.22 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\MAXON
[2010.05.31 18:47:13 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\MudTV
[2009.11.28 00:02:43 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Music
Editor Free [2010.05.25 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\PACE Anti-Piracy [2010.06.03 21:56:54 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Publish Providers [2010.04.12 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\SanDisk [2009.12.24 13:23:08 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Screaming Bee [2009.12.28 22:11:41 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\SmartVoip [2010.06.03 21:56:31 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Sony [2010.06.18 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\TeamViewer [2010.04.08 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\TuneUp Software [2010.06.10 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Tunngle [2010.04.29 14:28:13 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Ubisoft [2010.01.18 17:18:40 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Vso [2010.05.28 15:29:12 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.12.12 14:30:27 | 000,000,000 | -HSD | M] -- C:\Users\Alihan\AppData\Roaming\.# [2010.01.06 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\2K Sports [2010.05.25 12:16:14 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Acoustica [2010.02.09 20:01:50 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Adobe [2009.12.02 17:39:36 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Ahead [2010.05.25 12:06:33 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Antares [2010.01.02 01:41:01 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\AnvSoft [2009.11.29 11:59:27 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\ATI [2009.12.24 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Audacity [2010.01.28 14:26:47 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\AVS4YOU [2010.06.24 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\BitTorrent [2009.12.30 15:05:08 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\BitTorrentBooster [2010.06.07 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\bizarre creations [2010.05.11 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Bump Technologies, Inc [2009.11.26 17:32:33 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\DAEMON Tools Pro [2005.09.09 11:36:51 | 000,000,000 | RHSD | M] -- C:\Users\Alihan\AppData\Roaming\default [2010.01.12 22:49:10 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\DivX [2010.05.14 12:26:03 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\dvdcss [2009.12.17 16:16:02 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\hdbADS [2009.12.22 13:44:54 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\ICQ [2009.11.26 15:31:31 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Identities [2009.12.07 14:12:44 | 000,000,000 | ---D | M] -- 
C:\Users\Alihan\AppData\Roaming\ImgBurn [2009.11.29 00:06:53 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Leadertech [2010.01.19 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\LG Electronics [2009.11.26 15:35:07 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Macromedia [2010.04.09 18:20:23 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Malwarebytes [2010.06.22 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\MAXON [2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Media Center Programs [2010.06.24 12:29:10 | 000,000,000 | --SD | M] -- C:\Users\Alihan\AppData\Roaming\Microsoft [2010.03.27 16:44:05 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Mozilla [2010.05.31 18:47:13 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\MudTV [2009.11.28 00:02:43 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Music Editor Free [2009.12.15 21:11:38 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Nero [2009.12.01 17:01:02 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\NeroDigital(TM) [2010.05.25 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\PACE Anti-Piracy [2010.06.03 21:56:54 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Publish Providers [2010.04.12 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\SanDisk [2009.12.24 13:23:08 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Screaming Bee [2009.12.05 22:15:29 | 000,000,000 | RH-D | M] -- C:\Users\Alihan\AppData\Roaming\SecuROM [2010.06.10 18:52:42 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Skype [2010.06.10 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\skypePM [2009.12.28 22:11:41 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\SmartVoip [2010.06.03 21:56:31 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Sony 
[2010.06.18 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\TeamViewer [2010.04.08 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\TuneUp Software [2010.06.10 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Tunngle [2010.06.07 17:36:12 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\U3 [2010.04.29 14:28:13 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Ubisoft [2010.06.24 15:42:25 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\vlc [2010.01.18 17:18:40 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Vso [2010.01.03 14:25:28 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\Winampx [2009.11.26 15:37:34 | 000,000,000 | ---D | M] -- C:\Users\Alihan\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.01.18 17:07:18 | 000,099,384 | ---- | M] () -- C:\Users\Alihan\AppData\Roaming\inst.exe [2009.12.30 14:58:44 | 002,639,872 | ---- | M] () -- C:\Users\Alihan\AppData\Roaming\BitTorrentBooster\BitTorrentBooster.exe [2009.12.30 14:58:44 | 000,096,256 | ---- | M] () -- C:\Users\Alihan\AppData\Roaming\BitTorrentBooster\BTBMonitor.exe [2009.12.30 14:58:44 | 000,100,352 | ---- | M] () -- C:\Users\Alihan\AppData\Roaming\BitTorrentBooster\Uninstall.exe [2009.12.30 14:58:45 | 000,094,208 | ---- | M] () -- C:\Users\Alihan\AppData\Roaming\BitTorrentBooster\updater.exe [2005.09.12 12:30:33 | 002,007,040 | RHS- | M] (uOTcRxGGFK) -- C:\Users\Alihan\AppData\Roaming\default\svchost.exe [2010.06.23 15:07:39 | 000,003,584 | R--- | M] () -- C:\Users\Alihan\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe [2009.12.09 21:24:49 | 000,010,134 | R--- | M] () -- C:\Users\Alihan\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe [2009.12.16 18:38:07 | 000,010,134 | R--- | M] () -- C:\Users\Alihan\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\Foren.exe 
[2009.12.16 18:38:07 | 000,000,766 | R--- | M] () -- C:\Users\Alihan\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\htmledit.exe [2010.04.26 17:58:29 | 000,010,134 | R--- | M] () -- C:\Users\Alihan\AppData\Roaming\Microsoft\Installer\{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}\ARPPRODUCTICON.exe [2010.04.12 18:17:15 | 000,354,744 | ---- | M] (SanDisk Corporation) -- C:\Users\Alihan\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe [2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Alihan\AppData\Roaming\U3\temp\cleanup.exe [2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Alihan\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.08.06 01:00:00 | 000,028,787 | ---- | M] () MD5=9517DD94BABFCCDBA18772AB41AF4A57 -- C:\Users\Alihan\Desktop\Wichtig\XAMPP\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | 
---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 
| ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll [2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\LocationApi.dll [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll [2009.07.14 03:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\scrrun.dll [2009.08.29 08:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 1307 bytes -> C:\ProgramData\Microsoft:0rNP6LsjJ3bYh3ioIuxskFtto @Alternate Data Stream - 1276 bytes -> C:\ProgramData\Microsoft:wKXtRgzG7Yvjd70lQ2ugHnnTj @Alternate Data Stream - 1252 bytes -> C:\Users\Alihan\AppData\Local\4BaajQcIqF39F9:5tkoL4sIpmycuM25dQnuoJF @Alternate Data Stream - 1228 bytes -> C:\ProgramData\Microsoft:zv9xJ980rUa0x97dyV < End of report > |
24.06.2010, 16:07 | #7 |
| I have a Malware.Trace And now here comes the Extras.txt (it didn't fit into one post): OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 24.06.2010 16:35:26 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alihan\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 41,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 319,28 Gb Total Space | 56,18 Gb Free Space | 17,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winampx\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winampx\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winampx\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winampx\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winampx\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winampx\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64 "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit) "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft 
Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "Desktop Flag 3D_is1" = PUSH Entertainment - Desktop Flag 3D "Explorer Suite_is1" = Explorer Suite III "Game Jackal v4_is1" = Game Jackal v4.0.2.3 (64 bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{10C16DEA-54F7-491E-8942-5372A6278640}_is1" = Assassin's Creed II 1.0.0.0 "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up 
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1c2df75f-159f-4d40-87b3-8b0d953bfa74}" = Nero 9 Trial "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2F2B569E-2024-48B8-867B-DB1BF2338F38}" = Silvercrest MTS2218 driver "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = 
Titan Quest "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5 "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4D68D398-7760-426D-8395-83EE0676FC7E}" = Antares Auto-Tune Evo RTAS "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58E3404B-B05D-4152-8748-CA5BA8B5FE41}" = SPEED-LINK STEERING WHEEL DRIVER v4.0 "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5AEDCB07-25E3-4136-BE1E-BB2A2944355D}" = Game Graphic Studio "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011 "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell 
Conviction "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9501434E-8251-484D-819E-FCB93624899A}" = MP3 Recorder for YouTube "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" 
= FlashFXP v3 "{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET 
Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313 "{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation "{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0 "{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static "{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E43E5F45-E924-4D83-9DB9-8D74BCF7A9DD}" = Antares Auto-Tune Evo TDM "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing "{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light "{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}" = PES 2010 Editor "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars "{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™ "{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help 
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST "Acoustica Effects Pack" = Acoustica Effects Pack "Acoustica Mixcraft 5" = Acoustica Mixcraft 5 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Any Video Converter_is1" = Any Video Converter 3.0.1 "AnyDVD" = AnyDVD "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode) "Audacity_is1" = Audacity 1.2.6 "AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "Battle.net" = Battle.net "BitTorrent" = BitTorrent "BitTorrentBooster" = BitTorrentBooster "Blur(TM)_is1" = Blur(TM) "CCleaner" = CCleaner "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Creation Master 10_is1" = Creation Master 10 Release 
10.1 "CryptextNT4" = Cryptext (Remove Only) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Drakensang_is1" = Drakensang (High Texture Pack) "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "Drive Power Manager_is1" = Drive Power Manager 1.10 "Drumaxx" = Drumaxx "DualCoreCenter_is1" = DualCoreCenter "FL Studio 9" = FL Studio 9 "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "Game Cam" = Game Cam 2.54.0.47 "GeoGebra" = GeoGebra "German Truck Simulator" = German Truck Simulator 1.00 "GTA4 Mod Installer 0.2.0" = GTA4 Mod Installer 0.2.0 "Hardcore" = Hardcore "HD Tune_is1" = HD Tune 2.55 "IL Download Manager" = IL Download Manager "ImgBurn" = ImgBurn "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{2F2B569E-2024-48B8-867B-DB1BF2338F38}" = Silvercrest MTS2218 driver "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011 "IsoBuster_is1" = IsoBuster 2.6 "Liveupdate4_is1" = Liveupdate4 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Music Editor Free" = Music Editor Free "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "PoiZone" = PoiZone "Replay Media Catcher 3.11" = Replay Media Catcher "Sakura" = Sakura "Sawer" = Sawer "SmartVoip_is1" = SmartVoip "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "TeamViewer 5" = TeamViewer 5 "Toxic Biohazard" = Toxic Biohazard "Tunngle beta_is1" = Tunngle beta "TVUPlayer" = TVUPlayer 2.5.2.2 "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.17 "VGEE" = Vista Game Explorer Editor "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp "Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 3.0.3.21 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WTV2MP4" = WTV to MP4 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1252996294-1508575227-4102593622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.06.2010 13:26:44 | Computer Name = Kanye_West | Source = Office Software Protection Platform Service | ID = 8200 Description = Error - 23.06.2010 13:26:44 | Computer Name = Kanye_West | Source = Office Software Protection Platform Service | ID = 1012 Description = Error - 23.06.2010 15:26:35 | Computer Name = Kanye_West | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3814, Zeitstempel: 0x4c12b3eb Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x10417c22 ID des fehlerhaften Prozesses: 0x3e8 Startzeit der fehlerhaften Anwendung: 0x01cb1309f0341c5c Pfad der 
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3c4a5567-7efd-11df-a7c2-002421085b49 Error - 23.06.2010 16:34:14 | Computer Name = Kanye_West | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 23.06.2010 16:34:14 | Computer Name = Kanye_West | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 23.06.2010 16:34:14 | Computer Name = Kanye_West | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 24.06.2010 07:17:32 | Computer Name = Kanye_West | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Alihan\Desktop\SoftonicDownloader20443.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 24.06.2010 07:17:33 | Computer Name = Kanye_West | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Alihan\Desktop\SoftonicDownloader20443.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. 
Error - 24.06.2010 09:59:08 | Computer Name = Kanye_West | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: LegoStarwars.exe, Version: 0.0.0.0, Zeitstempel: 0x43c5009a Name des fehlerhaften Moduls: LegoStarwars.exe, Version: 0.0.0.0, Zeitstempel: 0x43c5009a Ausnahmecode: 0xc0000005 Fehleroffset: 0x001298de ID des fehlerhaften Prozesses: 0xdb8 Startzeit der fehlerhaften Anwendung: 0x01cb13a5571a6528 Pfad der fehlerhaften Anwendung: C:\Games\LEGO Star Wars Game\LegoStarwars.exe Pfad des fehlerhaften Moduls: C:\Games\LEGO Star Wars Game\LegoStarwars.exe Berichtskennung: a7fd5e22-7f98-11df-98ad-002421085b49 Error - 24.06.2010 09:59:30 | Computer Name = Kanye_West | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: LegoStarwars.exe, Version: 0.0.0.0, Zeitstempel: 0x43c5009a Name des fehlerhaften Moduls: LegoStarwars.exe, Version: 0.0.0.0, Zeitstempel: 0x43c5009a Ausnahmecode: 0xc0000005 Fehleroffset: 0x001298de ID des fehlerhaften Prozesses: 0x167c Startzeit der fehlerhaften Anwendung: 0x01cb13a56ec9d39f Pfad der fehlerhaften Anwendung: C:\Games\LEGO Star Wars Game\LegoStarwars.exe Pfad des fehlerhaften Moduls: C:\Games\LEGO Star Wars Game\LegoStarwars.exe Berichtskennung: b4e4a839-7f98-11df-98ad-002421085b49 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
24.06.2010, 16:10 | #8 |
/// Malware-holic | I have a Malware.Trace And do you perhaps think we were born yesterday? How can anyone be so stupid as not even to remove the name from the log? Of course, purely by chance, you have exactly the same log as http://www.trojaner-board.de/member.php?u=73043, which was removed :d:d Above all, do you think it was particularly helpful to choose the same opening as in the other thread... |
28.06.2010, 03:49 | #9 |
Administrator /// technical service | I have a Malware.Trace |