| Manakusur | 25.07.2010 02:46 |
Danke für die schnelle antwort & Sorry für meine späte.
War die Tage weg.
Nya hier die logs
OTL: 1 Code:
OTL logfile created on: 25.07.2010 02:23:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Onur\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 26,42 Gb Free Space | 18,04% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 124,39 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ONUR-PC
Current User Name: Onur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Onur\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe (Cepstral, LLC)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
========== Modules (SafeList) ==========
MOD - C:\Users\Onur\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3725.dll ()
SRV - (HideMyIpSRV) -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe ()
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Cepstral License Server) -- C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe (Cepstral, LLC)
SRV - (MySQL5) -- C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (MySQL4) -- C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (AVM IGD CTRL Service) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Program Files (x86)\Common Files\AVM\de_serv.exe (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSErHrw7a) -- C:\Windows\SysNative\drivers\AVGIDSwa.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgRkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiK0728) -- C:\Windows\SysNative\drivers\SaiK0728.sys (Saitek)
DRV:64bit: - (s816mdm) -- C:\Windows\SysNative\drivers\s816mdm.sys (MCCI Corporation)
DRV:64bit: - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s816mgmt.sys (MCCI Corporation)
DRV:64bit: - (s816mdfl) -- C:\Windows\SysNative\drivers\s816mdfl.sys (MCCI Corporation)
DRV:64bit: - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\SysNative\drivers\s816bus.sys (MCCI Corporation)
DRV - (AVGIDSDriverw7a) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterw7a) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (PLCNDIS5) -- C:\PROGRA~2\POWERP~1\PLCNDIS5.SYS (Intellon, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {876a175a-b8dd-4c80-b08d-8bcd0b92119a} - C:\Program Files (x86)\iCheck\tbiChe.dll File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567732
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D C7 79 73 F1 75 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {3C8AF6BE-61B9-4C97-92B0-7B446AE52F28} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {876a175a-b8dd-4c80-b08d-8bcd0b92119a} - C:\Program Files (x86)\iCheck\tbiChe.dll File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Germany Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567732&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2567732&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:1.0.8
FF - prefs.js..keyword.URL: "hxxp://search.bearshare.com//web?src=ffb&q="
FF - prefs.js..network.proxy.http: "87.234.225.14"
FF - prefs.js..network.proxy.http_port: 80
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010.05.01 02:01:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010.07.21 23:02:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.07.04 21:03:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.25 21:35:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.18 16:04:09 | 000,000,000 | ---D | M]
[2009.12.06 12:31:35 | 000,000,000 | ---D | M] -- C:\Users\Onur\AppData\Roaming\mozilla\Extensions
[2010.07.19 01:42:48 | 000,000,000 | ---D | M] -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions
[2010.05.30 13:50:34 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280}
[2010.02.01 19:10:05 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010.01.31 16:22:44 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.02.17 20:03:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.12 15:38:38 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010.06.26 12:14:27 | 000,000,000 | ---D | M] -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\autofillForms@blueimp.net
[2009.12.28 17:19:33 | 000,000,000 | ---D | M] -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\DTToolbar@toolbarnet.com
[2010.06.27 00:08:32 | 000,000,000 | ---D | M] -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\foxyproxy@eric.h.jung
[2010.06.27 00:08:32 | 000,000,000 | ---D | M] -- C:\Users\Onur\AppData\Roaming\mozilla\Firefox\Profiles\ggs8jxnq.default\extensions\staged-xpis
[2010.01.29 14:04:27 | 000,001,681 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\ask.uk.xml
[2010.03.12 15:51:13 | 000,002,277 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\BearShareWebSearch.xml
[2010.04.21 12:07:06 | 000,000,957 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\conduit.xml
[2009.12.28 17:19:25 | 000,002,055 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\daemon-search.xml
[2010.07.12 20:41:20 | 000,000,961 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\icqplugin-1.xml
[2010.03.07 15:39:32 | 000,000,961 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\icqplugin-2.xml
[2010.06.01 14:53:05 | 000,000,961 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\icqplugin-3.xml
[2010.07.03 15:13:17 | 000,000,961 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\icqplugin-4.xml
[2010.02.17 20:13:59 | 000,000,955 | ---- | M] () -- C:\Users\Onur\AppData\Roaming\Mozilla\FireFox\Profiles\ggs8jxnq.default\searchplugins\icqplugin.xml
[2010.06.27 01:14:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.29 15:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.30 22:57:52 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files (x86)\mozilla firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2010.06.09 16:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 01:14:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\staff@hide-my-ip.com
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.05.07 14:06:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.02.22 17:45:04 | 000,000,973 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2010.05.07 14:06:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.05.07 14:06:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.05.07 14:06:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.05.07 14:06:38 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (iCheck Toolbar) - {876a175a-b8dd-4c80-b08d-8bcd0b92119a} - C:\Program Files (x86)\iCheck\tbiChe.dll File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (TBSB02171 Class) - {FB20F6A3-1360-4B0C-841A-E6BAACED74CF} - C:\Program Files (x86)\IEToolbar\iRazoo Toolbar\irazoo_toolbar2.dll ()
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (iCheck Toolbar) - {876a175a-b8dd-4c80-b08d-8bcd0b92119a} - C:\Program Files (x86)\iCheck\tbiChe.dll File not found
O3 - HKLM\..\Toolbar: (iRazoo Toolbar) - {9210542E-CB2E-4771-A704-D5173248A900} - C:\Program Files (x86)\IEToolbar\iRazoo Toolbar\irazoo_toolbar2.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (iCheck Toolbar) - {876A175A-B8DD-4C80-B08D-8BCD0B92119A} - C:\Program Files (x86)\iCheck\tbiChe.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (iRazoo Toolbar) - {9210542E-CB2E-4771-A704-D5173248A900} - C:\Program Files (x86)\IEToolbar\iRazoo Toolbar\irazoo_toolbar2.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\HMIPCore.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8505f72f-faec-11de-ac91-001fd0af161a}\Shell - "" = AutoRun
O33 - MountPoints2\{8505f72f-faec-11de-ac91-001fd0af161a}\Shell\AutoRun\command - "" = H:\pushinst.exe -- File not found
O33 - MountPoints2\{8aff8a90-f3c4-11de-bd2e-001fd0af161a}\Shell - "" = AutoRun
O33 - MountPoints2\{8aff8a90-f3c4-11de-bd2e-001fd0af161a}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\feprog.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.25 02:20:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Onur\Desktop\OTL.exe
[2010.07.22 23:28:39 | 000,000,000 | ---D | C] -- C:\Users\Onur\Desktop\Hijack
[2010.07.21 22:56:15 | 000,000,000 | ---D | C] -- C:\Users\Onur\AppData\Roaming\AVG9
[2010.07.19 01:20:48 | 000,000,000 | ---D | C] -- C:\Users\Onur\Desktop\Revenge.of.the.Warrior.2005.German.HD2DVDRip.Xvid-JN
[2010.07.18 16:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010.07.18 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\Onur\AppData\Roaming\Winamp
[2010.07.18 16:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010.07.18 15:58:05 | 000,000,000 | ---D | C] -- C:\Users\Onur\AppData\Local\Stardock
[2010.07.18 15:57:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2010.07.18 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010.07.14 11:18:23 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.03 15:18:42 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010.07.03 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\Onur\AppData\Local\AVG Security Toolbar
[2010.07.03 14:51:51 | 000,056,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010.07.03 14:51:50 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010.07.03 14:51:46 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010.07.03 14:51:45 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010.07.03 14:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010.07.03 14:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010.07.03 14:51:24 | 000,027,216 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSwa.sys
[2010.07.03 14:50:47 | 000,029,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010.07.02 11:52:32 | 000,000,000 | ---D | C] -- C:\Users\Onur\Documents\Remote Assistance Logs
[2010.06.30 21:20:07 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll.install_backup
[2010.06.27 01:14:58 | 000,266,552 | ---- | C] (My Privacy Tools, Inc.) -- C:\Windows\SysWow64\HMIPCore.dll
[2010.06.27 01:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hide My IP
[2010.06.26 16:44:20 | 000,000,000 | ---D | C] -- C:\Users\Onur\AppData\Local\BingoLiner
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.25 02:22:51 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.25 02:22:51 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.25 02:20:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Onur\Desktop\OTL.exe
[2010.07.25 02:18:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.25 02:17:45 | 003,670,016 | -HS- | M] () -- C:\Users\Onur\ntuser.dat
[2010.07.25 02:17:39 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.25 02:17:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.25 02:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.25 02:17:28 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.25 02:15:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302177865-2553279009-3630564897-1001UA.job
[2010.07.25 00:02:09 | 006,366,816 | -H-- | M] () -- C:\Users\Onur\AppData\Local\IconCache.db
[2010.07.24 23:37:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.24 23:28:07 | 062,455,073 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.07.24 21:15:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302177865-2553279009-3630564897-1001Core.job
[2010.07.23 23:27:55 | 000,604,901 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010.07.22 23:28:47 | 000,001,531 | ---- | M] () -- C:\Users\Onur\Desktop\HijackThis.lnk
[2010.07.22 18:57:41 | 002,947,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.18 16:04:09 | 000,001,026 | ---- | M] () -- C:\Users\Onur\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010.07.15 14:30:37 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.15 14:30:37 | 000,641,468 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.15 14:30:37 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.15 14:30:37 | 000,125,856 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.15 14:30:37 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.04 10:22:40 | 000,000,876 | ---- | M] () -- C:\Users\Onur\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.07.03 15:18:43 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010.07.03 15:18:42 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010.07.03 15:18:42 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010.07.03 15:18:37 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSwa.sys
[2010.07.03 15:18:22 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010.07.03 15:18:21 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010.07.03 15:18:20 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010.07.03 15:18:20 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010.07.03 15:18:20 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010.07.03 14:51:45 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010.07.03 14:51:45 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010.07.02 12:37:51 | 000,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2010.07.01 13:31:44 | 000,524,288 | -HS- | M] () -- C:\Users\Onur\ntuser.dat{fd80f037-8500-11df-aeb0-001a4f9f0bb6}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 13:31:44 | 000,524,288 | -HS- | M] () -- C:\Users\Onur\ntuser.dat{fd80f037-8500-11df-aeb0-001a4f9f0bb6}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 13:31:44 | 000,065,536 | -HS- | M] () -- C:\Users\Onur\ntuser.dat{fd80f037-8500-11df-aeb0-001a4f9f0bb6}.TM.blf
[2010.06.30 21:20:08 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll.install_backup
[2010.06.27 01:14:50 | 000,001,000 | ---- | M] () -- C:\Users\Onur\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.25 02:18:25 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.22 23:28:47 | 000,001,531 | ---- | C] () -- C:\Users\Onur\Desktop\HijackThis.lnk
[2010.07.18 16:04:09 | 000,001,026 | ---- | C] () -- C:\Users\Onur\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010.07.03 14:51:45 | 062,455,073 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.07.03 14:51:45 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010.07.03 14:51:45 | 000,604,901 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010.07.03 14:51:45 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010.07.03 14:51:45 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010.07.03 14:51:45 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010.07.02 12:37:51 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010.07.01 13:21:12 | 000,524,288 | -HS- | C] () -- C:\Users\Onur\ntuser.dat{fd80f037-8500-11df-aeb0-001a4f9f0bb6}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 13:21:12 | 000,524,288 | -HS- | C] () -- C:\Users\Onur\ntuser.dat{fd80f037-8500-11df-aeb0-001a4f9f0bb6}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 13:21:12 | 000,065,536 | -HS- | C] () -- C:\Users\Onur\ntuser.dat{fd80f037-8500-11df-aeb0-001a4f9f0bb6}.TM.blf
[2010.06.27 01:14:50 | 000,001,000 | ---- | C] () -- C:\Users\Onur\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.02 02:51:17 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.03.04 21:52:39 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.01.31 17:39:42 | 000,688,128 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010.01.31 17:39:42 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2009.12.19 15:59:07 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll
[1998.09.15 09:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\tctsaudio.dll
========== Files - Unicode (All) ==========
[2009.12.16 22:14:12 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ç) -- C:\Windows\SysWow64\笨Ç
[2009.12.16 22:14:12 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ç) -- C:\Windows\SysWow64\笨Ç
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
OTL: 2 Code:
OTL Extras logfile created on: 25.07.2010 02:23:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Onur\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 26,42 Gb Free Space | 18,04% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 124,39 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ONUR-PC
Current User Name: Onur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26F32F41-2AA7-4DC9-B995-EA9860AE8C3B}" = Saitek SD6 Programming Software 6.2.1.3
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9}" = MySQL Server 5.0
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7D82F42-0E41-45D8-B5F6-E61E070F9C03}" = PowerPacket Ethernet Adapter
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.12
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EB4CCF1A-EF87-4FAF-8307-9507E6B96216}" = Cepstral Matthias 5.1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AI RoboForm" = AI RoboForm (All Users)
"Akamai" = Akamai NetSession Interface
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.08
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"AVG9Uninstall" = AVG 9.0
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DesktopEyes" = DesktopEyes
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"eBay Icon" = eBay Icon
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"eSpeak_is1" = eSpeak version 1.41.01
"Fraps" = Fraps (remove only)
"Free Fire Screensaver" = Free Fire Screensaver
"FRITZ!DSL" = AVM FRITZ!DSL
"GamersFirst LIVE!" = GamersFirst LIVE!
"HijackThis" = HijackThis 2.0.2
"HMIP50_is1" = Hide My IP 5.0
"Hogs Of War" = Frontschweine
"iCheck Toolbar" = iCheck Toolbar
"ICQToolbar" = ICQ Toolbar
"LHTTSGED" = L&H TTS3000 Deutsch
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Screenshare US" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MBROLA + eSpeak German Pack_is1" = MBROLA + eSpeak German Pack
"MbrolaTools35_is1" = Mbrola Tools 3.5
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MWS Reader 4_is1" = MWS Reader 4
"No-IP.com DUC" = No-IP.com DUC (remove only)
"PremiumSoft Navicat Lite 8.2_is1" = PremiumSoft Navicat Lite 8.2
"RocketDock_is1" = RocketDock 1.3.5
"SCAR Divi 3.22_is1" = SCAR Divi CDE 3.22
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 27300" = Saw
"Steam App 32430" = Star Wars: The Force Unleashed
"Steam App 41000" = Serious Sam HD: The First Encounter
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"TBSB02171.TBSB02171Toolbar" = iRazoo Toolbar
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Anti-Malware: malware hat was gefunden Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3784
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
25.07.2010 03:47:35
mbam-log-2010-07-25 (03-47-35).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 470775
Laufzeit: 1 hour(s), 21 minute(s), 3 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Onur\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
Danke für die Mühe von dir :dankeschoen: |
