Pests of all kinds and how to combat them: Virus deletes everything and cannot be found!

22.04.2011, 13:35   #1
iLLmiLL
 

Hello everyone,

I have the following problem: last night I caught a virus, I think from a website. Suddenly the PC went haywire, windows such as "Critical Error" appeared, and a program called Windows Recovery opened. It scans by itself, fixes half of my errors, and demands that I buy the product for the rest :O. Well, I didn't do that; then the PC crashed. After the restart the desktop was suddenly black and files were gone, including all of My Documents. Then an Avast window appears at the bottom saying that it ''stopped'' a virus in Program Data, only unfortunately that folder no longer exists either. For now I have stopped a program named 43........(I don't remember the rest).exe in Task Manager. Now everything is more or less okay.

So my question: how do I delete this virus now (Malwarebytes and Avast were no use), and can the vanished files still be recovered?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:15:20, on 22.04.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.2.556\de\setup.exe
C:\Users\Arzu-Selcuk-Sena\Downloads\HiJackThis204(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9283
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9283
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
O4 - Startup: Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netzmanager Infrastruktur Informationssystem Dienst (Netzmanager Service) - Deutsche Telekom AG - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 9505 bytes


Thanks in advance

22.04.2011, 13:37   #2
markusg
/// Malware-holic
 



System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(users of Windows 7 and Vista: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both

22.04.2011, 14:14   #3
iLLmiLL
 



OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 14:44:24 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Arzu-Selcuk-Sena\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 95,51 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
 
Computer Name: SELCUK | User Name: Arzu-Selcuk-Sena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Arzu-Selcuk-Sena\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Arzu-Selcuk-Sena\Downloads\HiJackThis204(2).exe (Trend Micro Inc.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.2.556\de\setup.exe ()
PRC - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Arzu-Selcuk-Sena\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (MTOnlPktAlyX) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: islamicdate@tantos.web.id:0.1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010.09.16 16:57:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 18:54:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.23 18:54:38 | 000,000,000 | ---D | M]
 
[2010.07.02 23:09:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Extensions
[2011.04.22 14:37:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions
[2010.09.16 16:58:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Battlefield Play4Free) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\battlefieldplay4free@ea.com
[2010.08.20 21:26:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\DTToolbar@toolbarnet.com-trash
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (FireDownload) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\firedownload@mozilla.org
[2010.08.31 14:39:47 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\firefox@tvunetworks.com
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Islamic Date) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\islamicdate@tantos.web.id
[2010.08.20 20:16:41 | 000,002,059 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\daemon-search.xml
[2011.04.19 02:23:17 | 000,000,950 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\icqplugin-1.xml
[2010.08.20 21:26:13 | 000,000,950 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\icqplugin-2.xml
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\icqplugin.xml
[2011.04.04 16:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.13 18:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.15 16:03:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.02 21:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.04 18:17:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.04 16:28:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.21 10:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.12.12 13:58:00 | 000,156,072 | ---- | M] (SpeakyChat) -- C:\Program Files\Mozilla Firefox\plugins\npspeakychat.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2011.03.03 19:38:25 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:38:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:38:25 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:38:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:38:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - Startup: C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Sci-Fi_1900x1440.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Sci-Fi_1900x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00fd0473-ee30-11de-915b-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{00fd0473-ee30-11de-915b-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{00fd0493-ee30-11de-915b-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{00fd0493-ee30-11de-915b-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{14cf2407-fb0a-11df-99b3-001e689ec15c}\Shell\AutoRun\command - "" = E:\Jobrocket-starten.exe
O33 - MountPoints2\{5e0145cb-edad-11de-a881-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e0145cb-edad-11de-a881-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e0145ea-edad-11de-a881-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e0145ea-edad-11de-a881-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{78e22356-d08d-11df-878c-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{78e22356-d08d-11df-878c-001e689ec15c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{ab1dd84e-f96e-11de-84e6-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1dd84e-f96e-11de-84e6-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Arzu-Selcuk-Sena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {543C8939-821C-0645-5DA1-5A6D20B85144} - Adobe Shockwave Director 10.3
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7E98DCAF-8C38-DA98-2EF7-13AEDD0A7627} - Internet Explorer
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 12:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.22 01:55:01 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.22 01:43:35 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe
[2011.04.21 16:34:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.04.21 14:34:19 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Malwarebytes
[2011.04.21 14:33:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 14:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 14:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 14:33:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 14:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.21 14:31:55 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2011.04.21 14:30:54 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2011.04.21 14:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2009
[2011.04.21 14:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2011.04.21 14:29:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2011.04.21 14:27:22 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\GetRightToGo
[2011.04.21 14:27:22 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Documents\Downloads
[2011.04.19 21:57:28 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Desktop\saves
[2011.04.19 21:55:59 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Desktop\.minecraft
[2011.04.18 21:23:40 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Desktop\Hegemony_Gold_Wars_of_Ancient_Greece_GERMAN-BACKLASH
[2011.04.18 14:52:52 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Longbow Digital Arts
[2011.04.18 14:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Longbow Digital Arts
[2011.04.18 14:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hegemony Gold
[2011.04.18 14:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Longbow Digital Arts
[2011.04.13 13:16:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 13:16:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 13:16:41 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 13:16:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 13:16:34 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 13:16:24 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 13:16:24 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 13:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 13:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 13:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 13:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 13:16:22 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 13:16:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 13:16:19 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.06 21:44:30 | 006,637,575 | -H-- | C] (McAfee Inc.) -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.exe
[2011.04.04 17:59:23 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\PunkBuster
[2011.04.04 17:56:55 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Documents\Battlefield Play4Free
[2011.04.04 17:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.04.04 16:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011.04.04 16:28:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.04 16:28:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.04 16:28:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 14:30:00 | 000,000,362 | -H-- | M] () -- C:\Windows\tasks\Erweiterte Garantie-Arzu-Selcuk-Sena.job
[2011.04.22 14:28:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 14:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.22 13:53:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 13:53:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 13:17:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 02:53:28 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{06175F9D-B190-46D2-A514-79B28EA998BB}.job
[2011.04.22 02:50:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 02:50:40 | 3756,441,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 01:58:44 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 01:58:44 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 01:58:44 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 01:58:44 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.22 01:55:16 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~43048712
[2011.04.22 01:55:16 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43048712r
[2011.04.22 01:55:01 | 000,000,586 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\Windows Recovery.lnk
[2011.04.22 01:54:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43048712
[2011.04.22 01:52:36 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43048712.exe
[2011.04.22 01:43:32 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe
[2011.04.21 14:33:57 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:31:55 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2011.04.21 14:30:54 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2011.04.21 14:30:45 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.04.21 14:30:44 | 000,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2011.04.21 01:30:55 | 000,000,384 | -H-- | M] () -- C:\ProgramData\42655496
[2011.04.21 01:28:48 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42655496
[2011.04.21 01:28:48 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42655496r
[2011.04.18 20:19:34 | 000,138,264 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.18 20:19:25 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.18 16:21:36 | 000,001,508 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Documents\mcedit.ini
[2011.04.16 16:37:45 | 000,046,394 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Documents\cc_20110416_163737.reg
[2011.04.16 15:28:38 | 000,000,680 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\d3d9caps.dat
[2011.04.15 16:59:29 | 000,039,001 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\4598a306.jpg
[2011.04.15 16:59:23 | 000,038,630 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\391f19f4.jpg
[2011.04.14 07:44:13 | 000,259,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 19:39:12 | 000,000,017 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.opt
[2011.04.06 21:45:01 | 006,637,575 | -H-- | M] (McAfee Inc.) -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.exe
[2011.04.04 17:44:43 | 000,138,056 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\PnkBstrK.sys
[2011.04.01 21:31:01 | 000,191,280 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\20.htm
[2011.03.26 16:25:48 | 000,000,617 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 2D.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 01:55:16 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43048712r
[2011.04.22 01:55:15 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~43048712
[2011.04.22 01:55:01 | 000,000,586 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\Windows Recovery.lnk
[2011.04.22 01:54:53 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43048712
[2011.04.22 01:52:36 | 000,487,424 | -H-- | C] () -- C:\ProgramData\43048712.exe
[2011.04.21 14:33:57 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:32:25 | 000,000,522 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.21 14:30:44 | 000,001,627 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2011.04.21 14:30:44 | 000,000,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2009.lnk
[2011.04.21 02:00:48 | 3756,441,600 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.21 01:28:48 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~42655496
[2011.04.21 01:28:48 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42655496r
[2011.04.21 01:28:39 | 000,000,384 | -H-- | C] () -- C:\ProgramData\42655496
[2011.04.16 16:37:40 | 000,046,394 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Documents\cc_20110416_163737.reg
[2011.04.15 16:59:28 | 000,039,001 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\4598a306.jpg
[2011.04.15 16:59:22 | 000,038,630 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\391f19f4.jpg
[2011.04.06 22:24:02 | 000,000,017 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.opt
[2011.04.04 17:59:28 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.04 17:44:44 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.04 17:44:43 | 000,138,056 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\PnkBstrK.sys
[2011.04.04 17:44:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.04 17:44:13 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.01 21:31:03 | 000,191,280 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\20.htm
[2011.01.30 16:25:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.11.09 10:20:13 | 000,023,580 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\UserTile.png
[2010.10.20 15:20:21 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.10.20 15:20:21 | 000,000,884 | ---- | C] () -- C:\Windows\unins000.dat
[2010.10.15 17:33:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.10.11 20:02:04 | 000,000,041 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TheHunterSettings_live.cfg
[2010.09.28 22:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.27 17:02:44 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.08.17 04:05:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.05 21:20:45 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.08.05 21:20:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.22 19:30:23 | 012,836,864 | -H-- | C] () -- C:\ProgramData\sandra.mda
[2010.07.22 16:52:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.22 16:51:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.22 16:51:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.07.04 16:59:03 | 000,000,680 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\d3d9caps.dat
[2010.05.27 18:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.04 20:26:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.01.04 20:26:14 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.20 23:59:39 | 000,031,744 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.07 11:53:17 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.07 11:53:17 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.07 11:53:17 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.07 11:53:17 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.07 02:47:31 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.08.07 02:41:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.07 02:35:24 | 000,000,144 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.07.19 09:24:09 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.19 09:24:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.04.02 00:46:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,259,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000.07.15 01:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
 
========== LOP Check ==========
 
[2010.11.12 20:56:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\0ad
[2010.08.18 20:36:39 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Clonk Rage
[2010.09.06 14:09:17 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Cornelsen
[2010.08.20 20:29:27 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DAEMON Tools Lite
[2010.07.22 09:56:25 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DeviceDoctorSoftware
[2011.04.21 01:55:01 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Flatcast
[2011.02.13 00:47:57 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\flightgear.org
[2010.08.01 01:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\FOG Downloader
[2011.04.21 14:32:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\GetRightToGo
[2010.08.20 23:48:54 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Imperium Romanum
[2010.07.09 10:40:38 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\LG Electronics
[2011.04.18 14:52:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Longbow Digital Arts
[2010.01.08 02:52:32 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mount&Blade Warband
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010.07.13 20:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Games
[2010.08.27 02:27:29 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\opencity
[2010.12.27 18:54:00 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenClonk
[2010.09.27 21:18:28 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenOffice.org
[2010.08.11 17:54:36 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Opera
[2009.12.21 00:08:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Packard Bell
[2010.08.25 15:22:16 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Puresoto Group, INC
[2010.01.04 20:25:46 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Samsung
[2010.06.26 14:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\SecondLife
[2009.12.24 20:52:14 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sierra Entertainment
[2009.12.21 01:35:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sports Interactive
[2010.01.06 21:20:42 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\T-Online
[2010.12.19 01:54:43 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\thriXXX
[2010.09.27 17:31:11 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tobit
[2010.08.16 04:24:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tropico3
[2010.06.27 20:37:48 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TubeBox
[2011.04.21 14:30:53 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TuneUp Software
[2011.01.08 23:25:22 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Ubisoft
[2010.07.30 11:51:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Utherverse
[2011.04.22 14:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.04.22 14:30:00 | 000,000,362 | -H-- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-Arzu-Selcuk-Sena.job
[2011.04.22 02:22:08 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.22 02:53:28 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{06175F9D-B190-46D2-A514-79B28EA998BB}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.12 20:56:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\0ad
[2010.08.13 02:43:54 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Adobe
[2010.11.04 22:53:03 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Apple Computer
[2009.12.20 23:28:43 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\ATI
[2010.08.18 20:36:39 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Clonk Rage
[2010.09.06 14:09:17 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Cornelsen
[2010.08.20 20:29:27 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DAEMON Tools Lite
[2010.07.22 09:56:25 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DeviceDoctorSoftware
[2010.06.30 20:30:44 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DivX
[2011.04.21 01:55:01 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Flatcast
[2011.02.13 00:47:57 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\flightgear.org
[2010.08.01 01:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\FOG Downloader
[2011.04.21 14:32:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\GetRightToGo
[2009.12.21 00:47:44 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Google
[2009.12.20 23:27:56 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Identities
[2010.08.20 23:48:54 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Imperium Romanum
[2010.07.09 10:40:38 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\LG Electronics
[2011.04.18 14:52:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Longbow Digital Arts
[2009.12.21 00:47:53 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Macromedia
[2011.04.21 14:34:19 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Media Center Programs
[2010.08.25 23:26:40 | 000,000,000 | --SD | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft
[2010.01.08 02:52:32 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mount&Blade Warband
[2010.07.02 23:09:19 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010.07.13 20:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Games
[2010.12.15 23:14:14 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\NCH Software
[2010.08.29 03:33:17 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Nero
[2010.08.27 02:27:29 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\opencity
[2010.12.27 18:54:00 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenClonk
[2010.09.27 21:18:28 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenOffice.org
[2010.08.11 17:54:36 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Opera
[2009.12.21 00:08:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Packard Bell
[2010.08.25 15:22:16 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Puresoto Group, INC
[2010.01.04 20:25:46 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Samsung
[2010.06.26 14:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\SecondLife
[2009.12.24 20:52:14 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sierra Entertainment
[2009.12.21 01:35:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sports Interactive
[2009.12.20 23:28:35 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Symantec
[2010.01.06 21:20:42 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\T-Online
[2010.12.19 01:54:43 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\thriXXX
[2010.09.27 17:31:11 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tobit
[2010.08.16 04:24:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tropico3
[2010.06.27 20:37:48 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TubeBox
[2011.04.21 14:30:53 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TuneUp Software
[2011.01.08 23:25:22 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Ubisoft
[2010.07.30 11:51:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Utherverse
[2010.01.16 20:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.30 15:54:34 | 000,040,070 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{1AF2006B-F09D-4A03-A240-86DE18F8F04D}\_7e4a7ff5.exe
[2011.01.30 15:54:34 | 000,040,070 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{1AF2006B-F09D-4A03-A240-86DE18F8F04D}\_7e4e29f1.exe
[2010.06.27 20:34:27 | 000,009,662 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_6FEFF9B68218417F98F549.exe
[2011.02.01 23:50:45 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe
[2010.09.01 23:35:40 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2010.10.09 19:20:16 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2010.01.06 21:23:04 | 000,010,134 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.03.07 08:01:34 | 000,010,134 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe
[2011.03.07 08:01:34 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.03.07 08:01:34 | 000,355,574 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe
[2011.03.07 08:01:34 | 000,080,992 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe
[2011.03.07 08:01:34 | 000,355,574 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe
[2011.02.24 14:07:18 | 001,004,928 | -H-- | M] (EA Digital Illusions CE AB) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2007.11.27 09:41:32 | 000,405,504 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2010.01.04 20:23:45 | 000,069,632 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.04.02 06:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\drivers\RAID\x86\ahcix86s.sys
[2008.04.02 06:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.04.02 06:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_4886f1e9\ahcix86s.sys
[2008.01.17 02:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\drivers\ESATA\ahcix86s.sys
[2008.01.17 02:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_957aef9d\ahcix86s.sys
[2008.05.28 20:47:08 | 000,171,016 | R--- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\drivers\VGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.08.17 04:00:51 | 000,004,608 | -H-- | M] () MD5=6277489894F3973232D2A7208FC37DA2 -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\Xenocode\ApplianceCaches\MyGamersCam.exe_v09AA3404\Native\STUBEXE\@WINDIR@\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.20 20:16:11 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Arzu-Selcuk-Sena\Desktop\YouTube -.mp4:TOC.WMV

< End of report >
         

22.04.2011, 14:14   #4
iLLmiLL

Virus deletes everything and cannot be found!



OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 14:44:24 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Arzu-Selcuk-Sena\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 95,51 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
 
Computer Name: SELCUK | User Name: Arzu-Selcuk-Sena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Arzu-Selcuk-Sena\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Arzu-Selcuk-Sena\Downloads\HiJackThis204(2).exe (Trend Micro Inc.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.2.556\de\setup.exe ()
PRC - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Arzu-Selcuk-Sena\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (MTOnlPktAlyX) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: islamicdate@tantos.web.id:0.1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010.09.16 16:57:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 18:54:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.23 18:54:38 | 000,000,000 | ---D | M]
 
[2010.07.02 23:09:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Extensions
[2011.04.22 14:37:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions
[2010.09.16 16:58:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Battlefield Play4Free) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\battlefieldplay4free@ea.com
[2010.08.20 21:26:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\DTToolbar@toolbarnet.com-trash
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (FireDownload) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\firedownload@mozilla.org
[2010.08.31 14:39:47 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\firefox@tvunetworks.com
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] (Islamic Date) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\islamicdate@tantos.web.id
[2010.08.20 20:16:41 | 000,002,059 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\daemon-search.xml
[2011.04.19 02:23:17 | 000,000,950 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\icqplugin-1.xml
[2010.08.20 21:26:13 | 000,000,950 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\icqplugin-2.xml
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\searchplugins\icqplugin.xml
[2011.04.04 16:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.13 18:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.15 16:03:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.02 21:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.04 18:17:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.04 16:28:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.21 10:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.12.12 13:58:00 | 000,156,072 | ---- | M] (SpeakyChat) -- C:\Program Files\Mozilla Firefox\plugins\npspeakychat.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2011.03.03 19:38:25 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:38:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:38:25 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:38:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:38:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - Startup: C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Sci-Fi_1900x1440.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Sci-Fi_1900x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00fd0473-ee30-11de-915b-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{00fd0473-ee30-11de-915b-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{00fd0493-ee30-11de-915b-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{00fd0493-ee30-11de-915b-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{14cf2407-fb0a-11df-99b3-001e689ec15c}\Shell\AutoRun\command - "" = E:\Jobrocket-starten.exe
O33 - MountPoints2\{5e0145cb-edad-11de-a881-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e0145cb-edad-11de-a881-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e0145ea-edad-11de-a881-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e0145ea-edad-11de-a881-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{78e22356-d08d-11df-878c-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{78e22356-d08d-11df-878c-001e689ec15c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{ab1dd84e-f96e-11de-84e6-001e689ec15c}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1dd84e-f96e-11de-84e6-001e689ec15c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Arzu-Selcuk-Sena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {543C8939-821C-0645-5DA1-5A6D20B85144} - Adobe Shockwave Director 10.3
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7E98DCAF-8C38-DA98-2EF7-13AEDD0A7627} - Internet Explorer
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 12:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.22 01:55:01 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.22 01:43:35 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe
[2011.04.21 16:34:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.04.21 14:34:19 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Malwarebytes
[2011.04.21 14:33:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 14:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 14:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 14:33:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 14:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.21 14:31:55 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2011.04.21 14:30:54 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2011.04.21 14:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2009
[2011.04.21 14:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2011.04.21 14:29:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2011.04.21 14:27:22 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\GetRightToGo
[2011.04.21 14:27:22 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Documents\Downloads
[2011.04.19 21:57:28 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Desktop\saves
[2011.04.19 21:55:59 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Desktop\.minecraft
[2011.04.18 21:23:40 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Desktop\Hegemony_Gold_Wars_of_Ancient_Greece_GERMAN-BACKLASH
[2011.04.18 14:52:52 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Longbow Digital Arts
[2011.04.18 14:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Longbow Digital Arts
[2011.04.18 14:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hegemony Gold
[2011.04.18 14:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Longbow Digital Arts
[2011.04.13 13:16:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 13:16:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 13:16:41 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 13:16:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 13:16:34 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 13:16:24 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 13:16:24 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 13:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 13:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 13:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 13:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 13:16:22 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 13:16:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 13:16:19 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.06 21:44:30 | 006,637,575 | -H-- | C] (McAfee Inc.) -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.exe
[2011.04.04 17:59:23 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\PunkBuster
[2011.04.04 17:56:55 | 000,000,000 | -H-D | C] -- C:\Users\Arzu-Selcuk-Sena\Documents\Battlefield Play4Free
[2011.04.04 17:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.04.04 16:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011.04.04 16:28:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.04 16:28:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.04 16:28:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 14:30:00 | 000,000,362 | -H-- | M] () -- C:\Windows\tasks\Erweiterte Garantie-Arzu-Selcuk-Sena.job
[2011.04.22 14:28:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 14:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.22 13:53:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 13:53:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 13:17:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 02:53:28 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{06175F9D-B190-46D2-A514-79B28EA998BB}.job
[2011.04.22 02:50:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 02:50:40 | 3756,441,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 01:58:44 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 01:58:44 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 01:58:44 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 01:58:44 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.22 01:55:16 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~43048712
[2011.04.22 01:55:16 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43048712r
[2011.04.22 01:55:01 | 000,000,586 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\Windows Recovery.lnk
[2011.04.22 01:54:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43048712
[2011.04.22 01:52:36 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43048712.exe
[2011.04.22 01:43:32 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe
[2011.04.21 14:33:57 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:31:55 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2011.04.21 14:30:54 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2011.04.21 14:30:45 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.04.21 14:30:44 | 000,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2011.04.21 01:30:55 | 000,000,384 | -H-- | M] () -- C:\ProgramData\42655496
[2011.04.21 01:28:48 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42655496
[2011.04.21 01:28:48 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42655496r
[2011.04.18 20:19:34 | 000,138,264 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.18 20:19:25 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.18 16:21:36 | 000,001,508 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Documents\mcedit.ini
[2011.04.16 16:37:45 | 000,046,394 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Documents\cc_20110416_163737.reg
[2011.04.16 15:28:38 | 000,000,680 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\d3d9caps.dat
[2011.04.15 16:59:29 | 000,039,001 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\4598a306.jpg
[2011.04.15 16:59:23 | 000,038,630 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\391f19f4.jpg
[2011.04.14 07:44:13 | 000,259,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 19:39:12 | 000,000,017 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.opt
[2011.04.06 21:45:01 | 006,637,575 | -H-- | M] (McAfee Inc.) -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.exe
[2011.04.04 17:44:43 | 000,138,056 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\PnkBstrK.sys
[2011.04.01 21:31:01 | 000,191,280 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\20.htm
[2011.03.26 16:25:48 | 000,000,617 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 2D.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 01:55:16 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43048712r
[2011.04.22 01:55:15 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~43048712
[2011.04.22 01:55:01 | 000,000,586 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\Windows Recovery.lnk
[2011.04.22 01:54:53 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43048712
[2011.04.22 01:52:36 | 000,487,424 | -H-- | C] () -- C:\ProgramData\43048712.exe
[2011.04.21 14:33:57 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:32:25 | 000,000,522 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.21 14:30:44 | 000,001,627 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2011.04.21 14:30:44 | 000,000,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2009.lnk
[2011.04.21 02:00:48 | 3756,441,600 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.21 01:28:48 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~42655496
[2011.04.21 01:28:48 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42655496r
[2011.04.21 01:28:39 | 000,000,384 | -H-- | C] () -- C:\ProgramData\42655496
[2011.04.16 16:37:40 | 000,046,394 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Documents\cc_20110416_163737.reg
[2011.04.15 16:59:28 | 000,039,001 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\4598a306.jpg
[2011.04.15 16:59:22 | 000,038,630 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\391f19f4.jpg
[2011.04.06 22:24:02 | 000,000,017 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\stinger10101327.opt
[2011.04.04 17:59:28 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.04 17:44:44 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.04 17:44:43 | 000,138,056 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\PnkBstrK.sys
[2011.04.04 17:44:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.04 17:44:13 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.01 21:31:03 | 000,191,280 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\20.htm
[2011.01.30 16:25:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.11.09 10:20:13 | 000,023,580 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\UserTile.png
[2010.10.20 15:20:21 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.10.20 15:20:21 | 000,000,884 | ---- | C] () -- C:\Windows\unins000.dat
[2010.10.15 17:33:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.10.11 20:02:04 | 000,000,041 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TheHunterSettings_live.cfg
[2010.09.28 22:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.27 17:02:44 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.08.17 04:05:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.05 21:20:45 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.08.05 21:20:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.22 19:30:23 | 012,836,864 | -H-- | C] () -- C:\ProgramData\sandra.mda
[2010.07.22 16:52:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.22 16:51:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.22 16:51:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.07.04 16:59:03 | 000,000,680 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\d3d9caps.dat
[2010.05.27 18:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.04 20:26:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.01.04 20:26:14 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.20 23:59:39 | 000,031,744 | -H-- | C] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.07 11:53:17 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.07 11:53:17 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.07 11:53:17 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.07 11:53:17 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.07 02:47:31 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.08.07 02:41:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.07 02:35:24 | 000,000,144 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.07.19 09:24:09 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.19 09:24:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.04.02 00:46:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,259,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000.07.15 01:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
 
========== LOP Check ==========
 
[2010.11.12 20:56:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\0ad
[2010.08.18 20:36:39 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Clonk Rage
[2010.09.06 14:09:17 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Cornelsen
[2010.08.20 20:29:27 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DAEMON Tools Lite
[2010.07.22 09:56:25 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DeviceDoctorSoftware
[2011.04.21 01:55:01 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Flatcast
[2011.02.13 00:47:57 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\flightgear.org
[2010.08.01 01:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\FOG Downloader
[2011.04.21 14:32:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\GetRightToGo
[2010.08.20 23:48:54 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Imperium Romanum
[2010.07.09 10:40:38 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\LG Electronics
[2011.04.18 14:52:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Longbow Digital Arts
[2010.01.08 02:52:32 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mount&Blade Warband
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010.07.13 20:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Games
[2010.08.27 02:27:29 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\opencity
[2010.12.27 18:54:00 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenClonk
[2010.09.27 21:18:28 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenOffice.org
[2010.08.11 17:54:36 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Opera
[2009.12.21 00:08:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Packard Bell
[2010.08.25 15:22:16 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Puresoto Group, INC
[2010.01.04 20:25:46 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Samsung
[2010.06.26 14:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\SecondLife
[2009.12.24 20:52:14 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sierra Entertainment
[2009.12.21 01:35:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sports Interactive
[2010.01.06 21:20:42 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\T-Online
[2010.12.19 01:54:43 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\thriXXX
[2010.09.27 17:31:11 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tobit
[2010.08.16 04:24:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tropico3
[2010.06.27 20:37:48 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TubeBox
[2011.04.21 14:30:53 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TuneUp Software
[2011.01.08 23:25:22 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Ubisoft
[2010.07.30 11:51:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Utherverse
[2011.04.22 14:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.04.22 14:30:00 | 000,000,362 | -H-- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-Arzu-Selcuk-Sena.job
[2011.04.22 02:22:08 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.22 02:53:28 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{06175F9D-B190-46D2-A514-79B28EA998BB}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.12 20:56:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\0ad
[2010.08.13 02:43:54 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Adobe
[2010.11.04 22:53:03 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Apple Computer
[2009.12.20 23:28:43 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\ATI
[2010.08.18 20:36:39 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Clonk Rage
[2010.09.06 14:09:17 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Cornelsen
[2010.08.20 20:29:27 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DAEMON Tools Lite
[2010.07.22 09:56:25 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DeviceDoctorSoftware
[2010.06.30 20:30:44 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\DivX
[2011.04.21 01:55:01 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Flatcast
[2011.02.13 00:47:57 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\flightgear.org
[2010.08.01 01:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\FOG Downloader
[2011.04.21 14:32:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\GetRightToGo
[2009.12.21 00:47:44 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Google
[2009.12.20 23:27:56 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Identities
[2010.08.20 23:48:54 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Imperium Romanum
[2010.07.09 10:40:38 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\LG Electronics
[2011.04.18 14:52:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Longbow Digital Arts
[2009.12.21 00:47:53 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Macromedia
[2011.04.21 14:34:19 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Media Center Programs
[2010.08.25 23:26:40 | 000,000,000 | --SD | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft
[2010.01.08 02:52:32 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mount&Blade Warband
[2010.07.02 23:09:19 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla
[2011.04.21 01:55:02 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010.07.13 20:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\My Games
[2010.12.15 23:14:14 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\NCH Software
[2010.08.29 03:33:17 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Nero
[2010.08.27 02:27:29 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\opencity
[2010.12.27 18:54:00 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenClonk
[2010.09.27 21:18:28 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\OpenOffice.org
[2010.08.11 17:54:36 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Opera
[2009.12.21 00:08:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Packard Bell
[2010.08.25 15:22:16 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Puresoto Group, INC
[2010.01.04 20:25:46 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Samsung
[2010.06.26 14:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\SecondLife
[2009.12.24 20:52:14 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sierra Entertainment
[2009.12.21 01:35:55 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Sports Interactive
[2009.12.20 23:28:35 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Symantec
[2010.01.06 21:20:42 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\T-Online
[2010.12.19 01:54:43 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\thriXXX
[2010.09.27 17:31:11 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tobit
[2010.08.16 04:24:52 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Tropico3
[2010.06.27 20:37:48 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TubeBox
[2011.04.21 14:30:53 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\TuneUp Software
[2011.01.08 23:25:22 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Ubisoft
[2010.07.30 11:51:45 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Utherverse
[2010.01.16 20:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.30 15:54:34 | 000,040,070 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{1AF2006B-F09D-4A03-A240-86DE18F8F04D}\_7e4a7ff5.exe
[2011.01.30 15:54:34 | 000,040,070 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{1AF2006B-F09D-4A03-A240-86DE18F8F04D}\_7e4e29f1.exe
[2010.06.27 20:34:27 | 000,009,662 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_6FEFF9B68218417F98F549.exe
[2011.02.01 23:50:45 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe
[2010.09.01 23:35:40 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2010.10.09 19:20:16 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2010.01.06 21:23:04 | 000,010,134 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.03.07 08:01:34 | 000,010,134 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe
[2011.03.07 08:01:34 | 000,034,494 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.03.07 08:01:34 | 000,355,574 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe
[2011.03.07 08:01:34 | 000,080,992 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe
[2011.03.07 08:01:34 | 000,355,574 | RH-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe
[2011.02.24 14:07:18 | 001,004,928 | -H-- | M] (EA Digital Illusions CE AB) -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2007.11.27 09:41:32 | 000,405,504 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2010.01.04 20:23:45 | 000,069,632 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.04.02 06:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\drivers\RAID\x86\ahcix86s.sys
[2008.04.02 06:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.04.02 06:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_4886f1e9\ahcix86s.sys
[2008.01.17 02:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\drivers\ESATA\ahcix86s.sys
[2008.01.17 02:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_957aef9d\ahcix86s.sys
[2008.05.28 20:47:08 | 000,171,016 | R--- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\drivers\VGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.08.17 04:00:51 | 000,004,608 | -H-- | M] () MD5=6277489894F3973232D2A7208FC37DA2 -- C:\Users\Arzu-Selcuk-Sena\AppData\Local\Xenocode\ApplianceCaches\MyGamersCam.exe_v09AA3404\Native\STUBEXE\@WINDIR@\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.20 20:16:11 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Arzu-Selcuk-Sena\Desktop\YouTube -.mp4:TOC.WMV

< End of report >
         
--- --- ---

22.04.2011, 14:16   #5
iLLmiLL

Virus deletes everything and cannot be found!



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.04.2011 14:44:24 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Arzu-Selcuk-Sena\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 95,51 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
 
Computer Name: SELCUK | User Name: Arzu-Selcuk-Sena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11FFA397-0AEE-487C-8AB7-4D78B6CA30B6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1CCF66E3-DD0C-460C-967E-0AC5308B5029}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1D8092F1-AD00-44FD-8455-F0901CBF7457}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2475D7BB-882B-4356-8F08-215EDF620488}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4D71B99D-4840-4698-B4E8-656085113F81}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5137660A-BC10-45EA-A55D-35C8D4B6B11C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6DCFBACF-31DF-45CE-87A8-19DCB03E10B3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{775FA68D-917F-4348-8246-C62F3E7CB33F}" = lport=52362 | protocol=6 | dir=in | name=akamai netsession interface | 
"{7A3D80A9-20F6-43C3-AFD3-AE6600B41690}" = lport=139 | protocol=6 | dir=in | app=system | 
"{90C2DFB6-B7C3-4F5A-ABED-6F32B456AA5B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B97D7CB6-2D04-4D1B-B663-3F20915DDA66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C650DC6B-86C7-4438-B820-661F2292ACC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EE454C19-E2B8-42F9-8D69-F642309225AC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F257708C-7FAA-40FB-B0D8-92F33453765F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F62EC5E9-996C-4FA4-ACE8-49A7AC23F337}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 
"{FCDE0297-2418-44F0-8447-645959BA60D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05454D67-F8E1-4EB7-AFA5-48D2CAC28F8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{14BF32BD-619D-4B84-B6C4-C9CB868F2B17}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{179B70BF-F78D-4023-BA0A-1B2307D70578}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{344C98DA-8175-4479-BFA0-9557114A7EEF}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe | 
"{36957768-8450-430F-BCB6-926CFC1A461D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{389265A4-2767-4DD1-8774-BCCE0CBD05BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{3B206851-4480-4DD9-A30B-87A73BED4F0F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{3B77736E-8442-44AA-906F-C278B081CB1A}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 
"{44E7674B-6CAF-463E-9B30-CBBF38E32C42}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{4546BFF3-911E-4474-8CCE-4FB9430A3BAA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{48A6E9B6-E22A-40B6-BD96-057E6E0030CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{51E1F0C7-0D92-44D0-B284-B9759F957F1D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{566B93E2-56AD-4D7C-B609-FE0E44F61848}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{6888232F-366E-4169-B3CB-1BA5E7BF7483}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6F81F519-C8CD-49A9-9371-CD9C8AB40338}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{708D982F-1F0A-4002-905E-C368330F4D8C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{70AD51AB-3E51-4A02-AF8A-0E42AF8D351C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7A8069F0-891E-4FFA-A0FE-C34EE1C7F84E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{7B4406AA-EC2F-4A0A-A57F-999E53BA4561}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe | 
"{7F35C10C-8B19-498A-8050-82F958AB9032}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{81691376-A618-41A7-BA2D-E189BBD26DD7}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{833B0F6D-F9D8-4D8F-8057-3C56812CC8DD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8503A8EC-49D4-4EE4-AE3B-96C7AA3CEE2D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8676ADDE-C0E3-46D7-A3DD-84B6F65BA733}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{9ECC65CF-79CD-4A4B-933E-E1982C0FE3D5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A36622C0-ED34-4B06-B796-EFCACDDC4B56}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B3362A9A-1B2C-44E5-8143-1D04AAF05C1D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{C7E672CD-08F7-4AB8-AE64-ED1200F812B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DB8D4FA4-B592-4AB7-84A2-84B578D4990A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DDBF0C99-3863-4ED2-9A49-5FE4842B30D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{DE9A5C05-861A-482D-A642-870A443BE670}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{E489AC55-C684-40B7-AFBD-1A5DDA9D5E2B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E4AEB1F7-F166-46BD-97CC-5ABF51DDD21E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{F33003FD-C543-4451-BAC4-BD83F6B6387E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F3C49BCE-1CE0-45CA-8BED-3C72A41D5A26}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F94B80FC-A4C7-4CB2-B57B-C97F3949ECA2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FFC04177-0911-47BF-BB27-65DEA89194C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{090034AA-08A7-4748-AF6F-5E4605897954}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{0E59187B-F45C-48D1-AF23-BD3069ED703A}C:\bohemia interactive\jcove\vbs2_lite.exe" = protocol=6 | dir=in | app=c:\bohemia interactive\jcove\vbs2_lite.exe | 
"TCP Query User{1B90A7DF-C4AA-405D-AA66-F08C84F8FE7A}C:\games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{1BD4693C-90C8-4EBC-BCFF-CC657E213CEB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{33DB0B58-E4AD-4990-A530-4A97779DADF8}C:\games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{48E4115A-4C02-4865-A52C-B55ADC372565}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe | 
"TCP Query User{7E10E3E3-177C-4211-A568-2A217C040AC6}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{99AF8135-6068-4135-9C6A-239B71AB19AB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{A275DEA0-A162-432F-BAEE-5A4314C2A816}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A7F91A5A-13EA-407E-A1CA-578B5FE534C8}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{BFC9D3C3-7453-4DAB-8E00-37E9DCA2BF0F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{E016B02E-E286-4474-8B29-16BDD5EF527B}C:\program files\activision\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty black ops\blackops.exe | 
"TCP Query User{FDAC62DB-7340-43D1-B0C8-DF8319623549}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{10FE927D-85BE-4F2D-88DC-6581235EE0C3}C:\games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{1CA7EA57-E629-42E6-8614-170C7A8A6B2D}C:\program files\activision\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty black ops\blackops.exe | 
"UDP Query User{359A4B92-D00E-434C-AE15-6469F2E606A0}C:\bohemia interactive\jcove\vbs2_lite.exe" = protocol=17 | dir=in | app=c:\bohemia interactive\jcove\vbs2_lite.exe | 
"UDP Query User{3B94E932-9AB7-4BD2-B265-36A99761B59A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3C23DAE3-04BC-4B82-82DD-4DEA33E7A9DB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{3D8B6A82-DA48-4853-9599-8B65C665EFC6}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{53D5F7DF-BAA5-437F-A9E1-974DC6A119B3}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{660A8523-CC70-4275-9ED8-738B9874390A}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{866EC4EB-0857-4C14-8825-DAC9857D92CE}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{98C06C7F-9A5F-4A3F-924B-568C53D349AE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{9B90F6FC-7DCC-424B-B15D-C9C64ECE2C74}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{B80AC999-CD49-4105-9705-6514C3CD81C3}C:\games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{CC2EAE23-B49E-4DC0-BBBB-AD0B978174C5}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15415EF8-79FE-11DF-88C7-6200DF634434}" = theHunter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AF2006B-F09D-4A03-A240-86DE18F8F04D}" = Virtual Woman Millennium Edition Beta .953
"{1E0912F9-DB45-4CED-8D6E-4558294591A6}_is1" = Pro Evolution Soccer 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}" = Gothic 3 - Götterdämmerung
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{680FF58E-524F-11D8-9E00-0004769EEFEB}" = Yeti Sports
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.9
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{94D3E92B-EA43-2B34-0C60-CD7E3DFCBC12}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1797ED7-8FC0-4A62-A03B-0E35DA65A75D}" = Kodu Game Lab
"{A5756705-8115-02F6-715F-59E5EDE5303D}" = ccc-utility
"{A7B44FB6-5631-4A4A-9DAD-82F7E3C767B9}" = Visual C++ Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B9845F2F-455C-4E76-9599-159AE471DB59}_is1" = Subvein v0.64
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D606EB46-80B9-4753-8988-BC18F0ECD211}_is1" = Call of Duty Black Ops
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6DB139F-DE64-4F3A-AFBD-5ABF7E434F12}" = AMD USB Audio Driver Filter
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EABCA81A-E96B-6163-CF2B-1A7DF959BEB4}" = Catalyst Control Center InstallProxy
"{EAE8F6AB-68E8-4AA9-9518-F677090690B2}" = TubeBox!
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0B63C37025C2F467B0BAF5BC9C10E853F201C510" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass  (10/03/2007 5.0.0004.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobePE6" = Adobe Photoshop Elements 6
"AdobeReader" = Adobe Reader 8
"Age Of Pirates 1.41_is1" = Age Of Pirates - Caribbean Tales 1.41
"Akamai" = Akamai NetSession Interface
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"AssaultCube_v1.1.0.1" = AssaultCube v1.1.0.1
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"AUDIO" = AUDIO DRIVER V6.0.1.5653
"avast5" = avast! Free Antivirus
"Carbonite" = Carbonite
"Carbonite Setup Lite" = Sichern Sie Ihre Daten
"CARDREADER" = cardreader Driver V1.0.10.4
"CCleaner" = CCleaner
"CIR" = ITECIR Infrared Receiver V5.0.4.5
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Democracy 2 Demo_is1" = Democracy 2 Demo
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"Euro Truck Simulator" = Euro Truck Simulator
"Flatcast_is1" = Flatcast Viewer Plugin 5.0.356
"FlightGear_is1" = FlightGear v2.0.0
"Football Manager 2009_is1" = Football Manager 2009
"Google Desktop" = Google Desktop
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = Google Desktop
"GoogleToolbar" = Google Toolbar
"Grand Theft Auto IV_is1" = Grand Theft Auto IV v1.0 Eng
"GTA4 Mod Installer 0.2.0" = GTA4 Mod Installer 0.2.0
"Hegemony Gold" = Hegemony Gold: Wars of Ancient Greece
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0.0.1
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LAN" = Realtek RTL8102 Driver V6.203.214.2008
"LCDTest" = Packard Bell LCD Test
"LinCity-NG_is1" = LinCity-NG 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"METABOLI" = Metaboli
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero8" = Nero 8 Essentials
"Netzmanager" = Netzmanager
"OpenAL" = OpenAL
"OpenCity 0.0.6.2 stable_is1" = OpenCity 0.0.6.2 stable
"Paintball2" = Paintball2 Alpha build 31
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"Picasa2" = Picasa 2
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PunkBusterSvc" = PunkBuster Services
"Rigs of Rods" = Rigs of Rods
"S3" = Die Siedler III Gold Edition
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SETUPMYPC_DE" = SetUp My PC
"SKYPE" = Skype 3.6.2.248
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Telekom Fotoservice" = Telekom Fotoservice
"TOUCHPAD" = TOUCHPAD DRIVER V10.0.1.0
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Updator" = Packard Bell Updator
"VGA" = VGA DRIVERS V8.479
"VideoPad" = VideoPad Video Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2671913179-1108859940-639139374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0638265cfb8124a6" = AA2Deploy
"2a4f70b48f669acd" = AA3Deploy
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


22.04.2011, 14:44   #6
markusg
/// Malware-holic

• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
[2011.04.22 01:55:16 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~43048712
[2011.04.22 01:55:16 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43048712r
[2011.04.22 01:55:01 | 000,000,586 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\Windows Recovery.lnk
[2011.04.22 01:54:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43048712
[2011.04.22 01:52:36 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43048712.exe
[2011.04.22 01:43:32 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe

:Files
C:\ProgramData\GoWNKtoBbTfMqRQ.exe
C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

download unhide:
http://www.trojaner-board.de/54791-a...ner-board.html
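
The entries picked for the fix script in post #6 share a pattern that can be checked mechanically: hidden files sitting directly in C:\ProgramData, other hidden files touched within minutes of them, and Run values pointing at either. The sketch below is an added example, not part of the original post and not OTL's own logic; the function names, the 15-minute window and the heuristic are assumptions, and the sample combines lines copied from the fix script with constructed benign lines.

```python
import ntpath
import re
from datetime import datetime, timedelta

# OTL file-scan line: [timestamp | size | attributes | M/C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attrs>[A-Z-]{4}) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL O4 autorun line: O4 - <hive>..\Run: [value name] target (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\\S+?)?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)

# First seven lines are taken from the fix script in post #6.
# The ExampleUpdater, example.log and desktop.ini lines are constructed.
SAMPLE = r"""
O4 - HKU\S-1-5-21-2671913179-1108859940-639139374-1000..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
[2011.04.22 01:55:16 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~43048712
[2011.04.22 01:55:16 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43048712r
[2011.04.22 01:55:01 | 000,000,586 | -H-- | M] () -- C:\Users\Arzu-Selcuk-Sena\Desktop\Windows Recovery.lnk
[2011.04.22 01:54:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43048712
[2011.04.22 01:52:36 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43048712.exe
[2011.04.22 01:43:32 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
[2011.04.22 01:50:00 | 000,004,096 | ---- | M] () -- C:\ProgramData\example.log
[2011.03.01 09:15:40 | 000,000,282 | -HS- | M] () -- C:\Users\Example\Desktop\desktop.ini
""".strip().splitlines()


def parse(lines):
    """Split OTL log lines into file records and Run-key records."""
    files, runs = [], []
    for line in lines:
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files.append({
                "when": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                "hidden": "H" in m["attrs"],
                "path": m["path"],
            })
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append({"hive": m["hive"], "name": m["name"], "path": m["path"]})
    return files, runs


def in_programdata_root(path):
    # True when the file sits directly in the ProgramData root rather than
    # in a vendor subfolder, which is where installed software normally lives.
    return ntpath.normcase(ntpath.dirname(path)) == r"c:\programdata"


def triage(lines, window=timedelta(minutes=15)):
    """Return (suspicious file paths, suspicious Run value names)."""
    files, runs = parse(lines)
    # Seeds: hidden files dropped straight into the ProgramData root.
    seeds = [f for f in files if f["hidden"] and in_programdata_root(f["path"])]
    flagged = {ntpath.normcase(f["path"]): f["path"] for f in seeds}
    # Correlate: any other hidden file modified close in time to a seed,
    # which is how the hidden desktop shortcut is picked up.
    for f in files:
        near_seed = any(abs(f["when"] - s["when"]) <= window for s in seeds)
        if f["hidden"] and near_seed:
            flagged.setdefault(ntpath.normcase(f["path"]), f["path"])
    # Autoruns that launch a flagged file or anything in the ProgramData root.
    autoruns = [
        r["name"] for r in runs
        if ntpath.normcase(r["path"]) in flagged or in_programdata_root(r["path"])
    ]
    return sorted(flagged.values()), autoruns


if __name__ == "__main__":
    suspicious_files, suspicious_runs = triage(SAMPLE)
    for path in suspicious_files:
        print("file:", path)
    for name in suspicious_runs:
        print("run :", name)
```

The output is a review list for a human helper, not a removal list: a hit only means the entry matches the pattern and still has to be judged in context.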

22.04.2011, 15:00   #7
iLLmiLL

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2671913179-1108859940-639139374-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoWNKtoBbTfMqRQ deleted successfully.
C:\ProgramData\GoWNKtoBbTfMqRQ.exe moved successfully.
C:\ProgramData\~43048712 moved successfully.
C:\ProgramData\~43048712r moved successfully.
C:\Users\Arzu-Selcuk-Sena\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\43048712 moved successfully.
C:\ProgramData\43048712.exe moved successfully.
File C:\ProgramData\GoWNKtoBbTfMqRQ.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\GoWNKtoBbTfMqRQ.exe not found.
C:\Users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Arzu-Selcuk-Sena
->Flash cache emptied: 63081 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Arzu-Selcuk-Sena
->Temp folder emptied: 134541671 bytes
->Temporary Internet Files folder emptied: 2415116 bytes
->Java cache emptied: 19836173 bytes
->FireFox cache emptied: 86932351 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3246882 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 236,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_154829

Files\Folders moved on Reboot...
C:\Users\Arzu-Selcuk-Sena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE2REJ8C\list-item-plus[1].png moved successfully.
C:\Users\Arzu-Selcuk-Sena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMN4C4ZQ\background_banner_green_50_v45[1].jpg moved successfully.
C:\Users\Arzu-Selcuk-Sena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMN4C4ZQ\background_button_green_full[1].png moved successfully.
C:\Users\Arzu-Selcuk-Sena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N00L1XB\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\Arzu-Selcuk-Sena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N00L1XB\background-banner-right-v45[1].jpg moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

THANK YOU VERY, VERY MUCH, YOU REALLY ARE THE BEST!

22.04.2011, 15:06   #8
markusg
/// Malware-holic

I'm waiting for the upload.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

22.04.2011, 15:19   #9
iLLmiLL

It's uploaded, do I need to do anything else?

22.04.2011, 15:34   #10
markusg
/// Malware-holic

download Malwarebytes:
Malwarebytes
install it, open it, go to the Update tab, update the program.
close all running programs, disconnect from the internet.
Scanner tab, full scan, remove the findings, post the log.

22.04.2011, 19:36   #11
iLLmiLL

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6419

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.04.2011 20:07:20
mbam-log-2011-04-22 (20-07-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 439898
Laufzeit: 3 Stunde(n), 12 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

22.04.2011, 19:39   #12
markusg
/// Malware-holic

please create and post a ComboFix log.
A guide and tutorial on using ComboFix

22.04.2011, 20:43   #13
iLLmiLL

**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-22 21:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-22 21:39:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-22 19:39
.
Vor Suchlauf: 32 Verzeichnis(se), 98.819.428.352 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 98.500.300.800 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 1F402A2005A92025B463E8A100890FDF

22.04.2011, 20:44   #14
markusg
/// Malware-holic

That is not combofix.txt.

22.04.2011, 20:49   #15
iLLmiLL

My apologies.

ComboFix log file:
Code:
ComboFix 11-04-22.01 - Arzu-Selcuk-Sena 22.04.2011  21:17:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3582.1847 [GMT 2:00]
ausgeführt von:: c:\users\Arzu-Selcuk-Sena\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-22 bis 2011-04-22  ))))))))))))))))))))))))))))))
.
.
2011-04-22 19:26 . 2011-04-22 19:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-22 14:50 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 14:50 . 2011-04-22 14:50	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-22 14:50 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-22 13:48 . 2011-04-22 14:12	--------	d-----w-	C:\_OTL
2011-04-22 10:44 . 2011-04-22 10:44	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2011-04-22 10:05 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E23DDF2-D102-49F7-920D-95CCC98057E7}\mpengine.dll
2011-04-21 14:34 . 2011-04-21 14:34	--------	d-----w-	c:\programdata\WindowsSearch
2011-04-21 12:34 . 2011-04-21 12:34	--------	d-----w-	c:\users\Arzu-Selcuk-Sena\AppData\Roaming\Malwarebytes
2011-04-21 12:33 . 2011-04-21 12:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-21 12:31 . 2011-04-21 12:31	604488	----a-w-	c:\windows\system32\TUProgSt.exe
2011-04-21 12:30 . 2011-04-21 12:30	361288	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2011-04-21 12:30 . 2011-04-21 12:30	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2011-04-21 12:29 . 2011-04-21 12:29	--------	d-sh--w-	c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2011-04-21 12:27 . 2011-04-21 12:32	--------	d-----w-	c:\users\Arzu-Selcuk-Sena\AppData\Roaming\GetRightToGo
2011-04-18 12:52 . 2011-04-18 12:52	--------	d-----w-	c:\users\Arzu-Selcuk-Sena\AppData\Roaming\Longbow Digital Arts
2011-04-18 12:52 . 2011-04-18 12:52	--------	d-----w-	c:\programdata\Longbow Digital Arts
2011-04-18 12:50 . 2011-04-18 12:50	--------	d-----w-	c:\program files\Longbow Digital Arts
2011-04-04 15:59 . 2011-04-18 18:19	234768	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-04-04 15:59 . 2011-04-04 15:59	--------	d-----w-	c:\users\Arzu-Selcuk-Sena\AppData\Local\PunkBuster
2011-04-04 15:44 . 2011-04-18 18:19	138264	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-04-04 15:44 . 2011-04-04 15:44	138056	----a-w-	c:\users\Arzu-Selcuk-Sena\AppData\Roaming\PnkBstrK.sys
2011-04-04 15:44 . 2011-04-18 18:19	234768	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-04-04 15:44 . 2011-04-04 15:44	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-04-04 14:31 . 2011-04-04 14:31	--------	d-----w-	c:\program files\EA Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 19:40 . 2010-07-13 16:00	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2010-09-22 05:38	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-09-16 14:57	2447360	----a-w-	c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-16 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-28 2969496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-11-16 268800]
.
c:\users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2009-11-10 1529856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Arzu-Selcuk-Sena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Arzu-Selcuk-Sena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-20 691696]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-10-02 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-03-19 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-22 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 10:45]
.
2011-04-22 c:\windows\Tasks\Erweiterte Garantie-Arzu-Selcuk-Sena.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-08-07 10:13]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 17:51]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 17:51]
.
2011-04-22 c:\windows\Tasks\User_Feed_Synchronization-{06175F9D-B190-46D2-A514-79B28EA998BB}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Arzu-Selcuk-Sena\AppData\Roaming\Mozilla\Firefox\Profiles\p2ulqjkn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Islamic Date: islamicdate@tantos.web.id - %profile%\extensions\islamicdate@tantos.web.id
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-22 21:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-22  21:39:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-22 19:39
.
Vor Suchlauf: 32 Verzeichnis(se), 98.819.428.352 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 98.500.300.800 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 1F402A2005A92025B463E8A100890FDF
         