Trojaner-Board

thugtr1905 27.08.2012 14:15

CPU too high = notebook has become much slower
 
Good day to all Trojaner-Board users. For several months I have had a problem with my Sony Vaio VPCEJ. For some reason my CPU usage is simply far too high; even when I am not doing anything it is at 70-100%. I have already tried ending the processes one after another to see what the problem is, unfortunately without result. I have also run various antivirus programs, which unfortunately found nothing either. Since I do not have much knowledge of computers, I am asking for your help on how I could proceed to find the problem and then remove it. I hope I will be helped here. Thank you very much and best regards.

Does nobody really have a tip?? Please.

kira 28.08.2012 08:02

Hello and welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - Since the troubleshooting and actions are carried out over large distances, we accept no liability for the resulting consequences.
    - In other words, any liability for resulting damage is excluded. INSTRUCTIONS ARE FOLLOWED AT YOUR OWN RISK!
  • Identifying details/profile information:
    - In the log lists or log files you use, you can replace things such as your real name or serial numbers in programs with [X] or asterisks (*).
  • System check and cleanup:
    - This can take some time (depending on the type of infection); the system may even be so badly compromised that effective technical cleaning is no longer possible and you have to reinstall it.
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can be really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - Please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - Please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Once you have read this introductory text, you can begin :)
Have you recently:
  • Changed anything on your system?
  • Installed programs/drivers/games, pulled an update, etc., and were the sources safe?

► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

2.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch" (German).
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs, a text file)

Quote:

To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the start of the log file) write: [code]
your log file goes here - e.g. OTL log file or other
→ after it, i.e. at the end of the log file: [/code]

** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.
Regards,
kira

thugtr1905 28.08.2012 14:37

Hello. First of all, thank you very much, and thanks for the detailed explanation.

Code:

OTL logfile created on: 28.08.2012 15:18:37 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Cem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 48,12% Memory free
7,90 Gb Paging File | 5,47 Gb Available in Paging File | 69,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 296,62 Gb Free Space | 65,66% Space Free | Partition Type: NTFS
 
Computer Name: CEM-VAIO | User Name: Cem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cem\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Personalization Manager\VpmIfPav.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SystemStore) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (VBTUSB) -- C:\Windows\SysNative\drivers\VBTUSB.sys (Sony Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=130812_ppcs1_3312_5&babsrc=SP_ss&mntrId=8c655c45000000000000eeaf78c79fbd
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE455
IE - HKCU\..\SearchScopes\{6DF79594-B1FF-4841-A91C-A76464A981BB}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={B837E5A0-104E-4EC3-B622-FD3A15C6E531}&mid=1a218bf5b09147d0a059a9cd7a0c144e-fd14da3cf89db86c55c70c94fbaac5efc6024160&lang=de&ds=gh011&pr=sa&d=2012-04-04 22:14:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQGDag7sm&i=26
IE - HKCU\..\SearchScopes\{E6B9BE99-CE0D-43BC-833F-AA02F3AEBBA1}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..CT3197087.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cem\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cem\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cem\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.08.15 14:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.08.15 17:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.08.15 17:49:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.08.15 17:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.15 14:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.16 00:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.14 16:24:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Cem\AppData\Roaming\11016 [2012.04.20 15:53:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.15 17:50:13 | 000,000,000 | ---D | M]
 
[2012.08.15 17:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cem\AppData\Roaming\mozilla\Extensions
[2012.08.16 00:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cem\AppData\Roaming\mozilla\Firefox\Profiles\nyfmiz3l.default\extensions
[2012.08.16 00:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.16 00:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.04.20 15:53:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\CEM\APPDATA\ROAMING\11016
[2012.08.16 00:23:49 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NYFMIZ3L.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.08.09 01:28:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.09 20:49:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.04 22:14:44 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.15 15:00:55 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.09 20:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.09 20:49:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.09 20:49:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.09 20:49:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.09 20:49:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Cem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Cem\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: iNTERNET TURBO = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.15.10_0\
CHR - Extension: Web Assistant = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Cem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2012.06.15 23:26:20 | 000,614,287 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 16325 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09152F0B-739C-4DEC-A245-1AA8A37594F1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
O4 - HKCU..\Run: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\d3dy9jaqt.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4763B83E-DDAC-4D2F-8970-5D248C22E166}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33CBF99-1C0D-4ED4-BCB6-F7FFFD3EB0A1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22565~1.25\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8bfb4226-2cf3-11e1-b540-78843ce8fdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{8bfb4226-2cf3-11e1-b540-78843ce8fdbd}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{add1f591-a1bb-11e1-afde-ccaf78c79fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{add1f591-a1bb-11e1-afde-ccaf78c79fbe}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 15:16:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Cem\Desktop\OTL.exe
[2012.08.27 15:35:58 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.08.27 15:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.08.27 15:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.08.26 03:26:19 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Busta Rhymes - Year Of The Dragon (Album)
[2012.08.26 03:24:40 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Tamia - Beautiful Surprise (Album)-(2012)
[2012.08.25 17:49:43 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Ginuwine
[2012.08.25 15:32:40 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Nas
[2012.08.25 14:33:19 | 000,000,000 | -H-D | C] -- C:\Users\Cem\Desktop\IMG_0414.JPG.files
[2012.08.25 14:21:31 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\800AAAAA
[2012.08.25 01:49:10 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\Rockstar Games
[2012.08.25 01:49:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.08.19 14:42:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.18 17:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.08.18 17:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.08.18 14:33:14 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\SoftGrid Client
[2012.08.18 14:33:12 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\SoftGrid Client
[2012.08.18 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.08.18 14:32:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.08.18 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.08.18 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.08.18 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\TP
[2012.08.17 23:30:16 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\aaliyah
[2012.08.16 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Essential RnB Collection (2012)
[2012.08.16 17:49:51 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\channel ORANGE (Explicit Version)
[2012.08.16 16:14:55 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Trey Songz - Chapter V (Album)
[2012.08.16 00:30:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 00:30:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 00:30:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 00:30:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 00:30:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 00:30:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 00:30:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 00:30:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 00:30:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 00:30:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 00:30:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 00:30:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 00:30:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 00:17:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.16 00:17:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.16 00:17:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.16 00:17:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.16 00:17:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 00:17:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 00:17:10 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 00:17:06 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.15 22:31:20 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Magazeen - Anthology
[2012.08.15 21:37:22 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\DCIM
[2012.08.15 21:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.15 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.15 19:30:48 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Avira
[2012.08.15 19:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.15 19:21:15 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.15 19:21:15 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.15 19:21:15 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.15 19:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.15 19:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.15 17:52:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.08.15 17:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.08.15 15:01:34 | 000,000,000 | ---D | C] -- C:\Users\Cem\Start Menu
[2012.08.15 15:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.08.15 14:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.08.15 14:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.08.15 14:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software4u
[2012.08.15 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.08.15 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\iphone bilder
[2012.08.15 03:44:03 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\TXT
[2012.08.14 23:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cem\Desktop\Neuer Ordner (2)
[2012.08.14 20:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.14 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.14 20:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.14 20:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.08.12 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Octoshape
[2012.08.11 23:19:46 | 000,000,000 | ---D | C] -- C:\Users\Cem\amsn
[2012.08.11 23:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aMSN
[2012.08.11 23:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\aMSN
[2012.08.11 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Foxit Software
[2012.08.11 20:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.08.11 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.08.11 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.08.11 19:56:21 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.08.10 21:27:22 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{DD5BA8AE-5BD5-498C-BB8A-81CEA12F136E}
[2012.08.10 21:27:11 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{B2A9975A-7460-4A8F-8B6C-43875A5A343B}
[2012.08.10 18:05:11 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{8E3A3B28-6FDC-4FF7-B0A6-C20974B866CE}
[2012.08.10 18:05:00 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{1E0B80E1-7663-43F7-8758-5745BF5DAB77}
[2012.08.09 18:11:20 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{07594D09-DFA3-44BD-A44E-133D31FD9802}
[2012.08.09 18:11:07 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{855535C6-C7A8-40D0-B90C-3E04C6C5F5AC}
[2012.08.08 16:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{B4A27A27-1E83-4FB2-9843-2CC5B2D3321E}
[2012.08.08 16:42:15 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{51B81C72-7A98-49C8-9CF5-3803DFB2B042}
[2012.08.07 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{7A2ADD0C-507A-42E4-B56A-07E32DACB1EC}
[2012.08.07 20:20:29 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{DD5EB11C-81ED-4FA3-86C8-DA2BDF9C5B19}
[2012.08.06 18:58:46 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{6690BE1A-8F42-4A0A-B1BF-488DD8E13438}
[2012.08.06 18:58:35 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{23BE6CD6-3B22-470C-A291-C638F71E9E54}
[2012.08.05 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{DE66C31F-ED74-4B24-8DF7-85B3D7549AA1}
[2012.08.05 15:33:36 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{5F46B31E-2C12-4B5A-A6BD-FA61D39C5101}
[2012.08.05 00:20:08 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Babylon
[2012.08.05 00:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.05 00:18:21 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Roaming\Free Windows Tuner
[2012.08.05 00:17:56 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\CRE
[2012.08.05 00:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.08.05 00:17:13 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\Conduit
[2012.08.04 23:30:47 | 000,000,000 | ---D | C] -- C:\Users\Cem\Documents\Sony PMB
[2012.08.04 23:22:41 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment
[2012.08.04 23:14:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.04 15:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{5A2F884E-74F7-4665-8D0E-BB6D81A9846F}
[2012.08.04 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{66CB2CBA-A74F-404D-93F6-6AF5BE5F4A86}
[2012.08.03 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{E57B875C-CDAC-4077-B5EF-E8D378B130D8}
[2012.08.03 15:37:44 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{C9DC614D-BD68-4E0E-A82B-035ABE8636BA}
[2012.07.30 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{E3106C89-7D14-4B1D-A758-BCA126AB6FE9}
[2012.07.30 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{D76B0945-B4EB-4054-89AD-6C4FD467E603}
[2012.07.29 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{7CA531A3-96B7-4236-A670-FB08D91CD240}
[2012.07.29 22:33:57 | 000,000,000 | ---D | C] -- C:\Users\Cem\AppData\Local\{022CA167-087A-41CC-988D-B4223153C5A7}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Cem\AppData\Roaming\*.tmp files -> C:\Users\Cem\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 15:17:03 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000UA.job
[2012.08.28 15:16:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Cem\Desktop\OTL.exe
[2012.08.28 14:55:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000UA.job
[2012.08.28 14:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 14:31:06 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 14:23:37 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 14:23:37 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 14:17:59 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 14:16:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 14:16:38 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 21:20:12 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000Core.job
[2012.08.27 18:04:13 | 008,502,045 | ---- | M] () -- C:\Users\Cem\Desktop\Nas - Escobar - [MP3JUICES.COM].mp3
[2012.08.27 17:03:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-239044353-2965356428-2424906931-1000Core.job
[2012.08.27 15:35:58 | 000,001,007 | ---- | M] () -- C:\Users\Cem\Desktop\SpeedFan.lnk
[2012.08.27 15:35:57 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.08.26 03:16:09 | 003,457,540 | ---- | M] () -- C:\Users\Cem\Desktop\Wet My Whistle.mp3
[2012.08.25 22:59:17 | 006,072,218 | ---- | M] () -- C:\Users\Cem\Desktop\Red+Cafe-+Champagne+For+The+Pain+Feat.+Young+Jeezy+-whattupmyguy.com.mp3.mp3
[2012.08.22 00:56:30 | 000,002,439 | ---- | M] () -- C:\Users\Cem\Desktop\Google Chrome.lnk
[2012.08.21 14:14:37 | 001,645,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 14:14:37 | 000,708,408 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.21 14:14:37 | 000,661,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.21 14:14:37 | 000,153,604 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.21 14:14:37 | 000,125,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.19 17:22:36 | 001,672,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.18 14:33:01 | 000,002,461 | ---- | M] () -- C:\Users\Cem\Desktop\Microsoft Word Starter 2010.lnk
[2012.08.16 00:34:53 | 000,297,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 00:23:18 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.15 21:30:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.15 20:08:06 | 004,676,962 | ---- | M] () -- C:\Users\Cem\Desktop\Bobby+V+Ft+Magazeen-Whats+Your+Name.mp3.mp3
[2012.08.15 19:29:48 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.15 19:24:11 | 005,136,213 | ---- | M] () -- C:\Users\Cem\Desktop\James Fauntleroy - Idiot.mp3
[2012.08.15 19:16:33 | 002,710,927 | ---- | M] () -- C:\Users\Cem\Desktop\Joe -Street Dreams.mp3
[2012.08.15 19:02:43 | 005,923,225 | ---- | M] () -- C:\Users\Cem\Desktop\Keyshia Cole Ft. Nicki Minaj -I Aint Thru.mp3
[2012.08.15 18:04:03 | 000,001,161 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.08.15 15:01:28 | 000,000,765 | ---- | M] () -- C:\user.js
[2012.08.14 23:55:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.14 23:55:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 20:21:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.14 18:41:36 | 000,282,836 | ---- | M] () -- C:\test.xml
[2012.08.11 23:19:32 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\aMSN.lnk
[2012.08.11 20:58:50 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.08.11 19:56:21 | 000,001,264 | ---- | M] () -- C:\Users\Cem\Desktop\Revo Uninstaller.lnk
[2012.08.09 20:17:29 | 000,020,295 | -HS- | M] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Large.jpg
[2012.08.09 20:17:29 | 000,005,585 | -HS- | M] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Small.jpg
[2012.08.05 15:15:22 | 000,007,597 | ---- | M] () -- C:\Users\Cem\AppData\Local\Resmon.ResmonCfg
[2012.08.05 00:18:08 | 000,000,009 | ---- | M] () -- C:\END
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Cem\AppData\Roaming\*.tmp files -> C:\Users\Cem\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 18:03:46 | 008,502,045 | ---- | C] () -- C:\Users\Cem\Desktop\Nas - Escobar - [MP3JUICES.COM].mp3
[2012.08.27 15:35:58 | 000,001,007 | ---- | C] () -- C:\Users\Cem\Desktop\SpeedFan.lnk
[2012.08.27 15:35:57 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.08.26 03:15:59 | 003,457,540 | ---- | C] () -- C:\Users\Cem\Desktop\Wet My Whistle.mp3
[2012.08.25 22:59:03 | 006,072,218 | ---- | C] () -- C:\Users\Cem\Desktop\Red+Cafe-+Champagne+For+The+Pain+Feat.+Young+Jeezy+-whattupmyguy.com.mp3.mp3
[2012.08.18 14:43:35 | 000,002,461 | ---- | C] () -- C:\Users\Cem\Desktop\Microsoft Word Starter 2010.lnk
[2012.08.15 21:30:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.15 20:07:50 | 004,676,962 | ---- | C] () -- C:\Users\Cem\Desktop\Bobby+V+Ft+Magazeen-Whats+Your+Name.mp3.mp3
[2012.08.15 19:23:58 | 005,136,213 | ---- | C] () -- C:\Users\Cem\Desktop\James Fauntleroy - Idiot.mp3
[2012.08.15 19:21:24 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.15 19:13:42 | 004,229,713 | ---- | C] () -- C:\Users\Cem\Desktop\Daron_Jones_Feat_D4l_-_Dance_For_Me.mp3
[2012.08.15 19:06:36 | 002,710,927 | ---- | C] () -- C:\Users\Cem\Desktop\Joe -Street Dreams.mp3
[2012.08.15 19:02:28 | 005,923,225 | ---- | C] () -- C:\Users\Cem\Desktop\Keyshia Cole Ft. Nicki Minaj -I Aint Thru.mp3
[2012.08.15 15:00:13 | 000,001,161 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.08.15 14:58:57 | 000,000,765 | ---- | C] () -- C:\user.js
[2012.08.14 20:21:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.11 23:19:32 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\aMSN.lnk
[2012.08.11 20:58:50 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.08.11 19:56:21 | 000,001,264 | ---- | C] () -- C:\Users\Cem\Desktop\Revo Uninstaller.lnk
[2012.08.09 18:43:30 | 000,020,295 | -HS- | C] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Large.jpg
[2012.08.09 18:43:30 | 000,005,585 | -HS- | C] () -- C:\Users\Cem\Desktop\AlbumArt_{0BC40635-5678-4246-9123-071D094E7261}_Small.jpg
[2012.08.05 00:18:07 | 000,000,009 | ---- | C] () -- C:\END
[2012.05.21 16:49:05 | 000,007,597 | ---- | C] () -- C:\Users\Cem\AppData\Local\Resmon.ResmonCfg
[2012.05.03 16:26:19 | 000,017,408 | ---- | C] () -- C:\Users\Cem\AppData\Local\WebpageIcons.db
[2012.04.10 16:51:56 | 000,000,016 | ---- | C] () -- C:\Users\Cem\AppData\Roaming\blckdom.res
[2012.03.23 23:34:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.02.24 18:03:41 | 000,001,469 | ---- | C] () -- C:\Users\Cem\.recently-used.xbel
[2012.02.09 22:38:10 | 000,000,042 | ---- | C] () -- C:\Users\Cem\AppData\Roaming\TheHunterSettings_local.cfg
[2012.02.09 21:16:35 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012.02.09 21:16:35 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012.02.09 21:16:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012.02.09 20:34:14 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.01.13 02:30:57 | 000,000,355 | ---- | C] () -- C:\Users\Cem\Computer - Verknüpfung.lnk
[2012.01.03 20:55:46 | 000,000,091 | ---- | C] () -- C:\Users\Cem\AppData\Local\fusioncache.dat
[2011.03.30 03:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 03:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 03:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 01:03:27 | 001,672,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >


Extras
Code:

OTL Extras logfile created on: 28.08.2012 15:18:37 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Cem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 48,12% Memory free
7,90 Gb Paging File | 5,47 Gb Available in Paging File | 69,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 296,62 Gb Free Space | 65,66% Space Free | Partition Type: NTFS
 
Computer Name: CEM-VAIO | User Name: Cem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00862614-BB1F-49EA-A520-F30841D618A6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0E030334-CDDF-43DC-94EA-5269430F41A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1297EEC3-F0C4-4C5B-97FD-8FD430BB7436}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{15B138F6-A4CB-4734-B54E-9D84C96ECB03}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C9C0C0C-0848-41CD-B7B5-CA8102FD5D70}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{1F8AEFCA-0A78-4C80-A83E-B45B78F0BBAD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B89EABF-D3C7-4129-B104-FC555B83C83F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{392DEA36-1A3B-4050-A7E1-9702C316C2AD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A2E61A2-A599-4452-90D4-99CF1BEB26B3}" = lport=138 | protocol=17 | dir=in | app=system |
"{455619B3-ED08-43B8-851E-B9C73D9FBF03}" = lport=445 | protocol=6 | dir=in | app=system |
"{50BBDB99-B963-4F2D-ADDC-CBC7A028D4F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{549C6195-A999-4B4F-9F5F-469EA37625BD}" = rport=138 | protocol=17 | dir=out | app=system |
"{6450AEA8-DB9B-483B-9F63-01B53A0BECAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6871F73F-1D12-4064-A198-CDE0DDF089E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{69DE34AD-A201-4812-BC75-85ADC02AB3CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7010C207-6ABB-4B5B-9456-71C8DF192944}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B0A040F-BB95-437F-A5FA-4A0D0704F28B}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe |
"{7E99CC0F-CDFE-4B38-8070-6D62A6FCF9F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D3C0D21-082F-483C-A780-E51A16D368C9}" = rport=445 | protocol=6 | dir=out | app=system |
"{96001388-7267-44DB-A99C-E6368E6EA5E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{9891AA65-53D1-498D-B03F-EE20A5129342}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{A9210DD0-E2F5-426F-A338-6FAE8DD27261}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5E28D4D-AA16-4C38-A91C-A5685406C977}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C376056A-FB94-462D-889A-6FCFF78F2020}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D8A12129-F690-4F61-8773-DE3D63D59E59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3B392EA-7214-4C22-828B-73E457ABDA99}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E4AF8BF1-029D-4E49-A299-21CE7EABEC75}" = lport=137 | protocol=17 | dir=in | app=system |
"{E841917F-543A-4D1E-BAAC-F0C32AF5D95B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBA78659-9D6E-4B18-AECA-5EAE8814A760}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049FF5DA-AE98-4285-AF2A-BD75D5BC2820}" = dir=in | app=c:\users\cem\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{0BAC6C3B-5141-46F1-BAA4-44934170BD93}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{11624FD0-1534-4F50-817D-C675167DC0C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14F98C5F-911D-4536-9E70-AA52DA2B3474}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1534E54C-18A6-49F3-A132-B3E78A2D4B22}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{178F8665-3F0B-4996-A04B-E9B7C1A47776}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1C91ADB8-D09C-45C1-8166-4240A36B56A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{1E1B430D-A320-4395-92F4-05CDCA4CF586}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F1B6C7D-4AAB-4BA2-8BBF-14757C851A8C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{2F9F168E-2896-4E6B-8E8F-38360F2DFFBF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2FA0FA3B-7AAA-44E0-8075-6153CE9FCF2A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{30A04706-C3A9-4E40-8FBF-DB1242BF6B91}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{34B7FF5F-BAA2-428B-98EC-7DBE54B7434C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3512E039-C6ED-4CCA-A920-D00FCC724DD4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{368756D0-40F1-4375-8043-49557F11DC6C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{37893409-792C-4E6F-B1F8-838F23BBD901}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39B53AD4-727D-4C13-94BE-CFD3D5EA73B4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{3DF192C7-FB96-4402-9D35-2096667D2DB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4A0A5CE0-54D7-40C3-A5EC-B5351295F25A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{52F872F6-7F44-4723-B14A-E6C40E239D89}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5AFDDC0E-FA52-4E15-A705-FB5EAE81786D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D784F07-7F9E-4ADC-AEA9-573F535B4C41}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5D92D5C6-F94B-4012-8AE1-10157CA2030D}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe |
"{60536484-6352-4061-9016-7AF720E2207A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6288F57E-E44D-4723-ADA6-34D15B595B03}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{671E9D95-4656-43ED-8295-40996FEDB292}" = protocol=6 | dir=out | app=system |
"{696F0547-18DC-422D-A6E6-CC72908E6F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6D9EC7F7-11FC-4D7F-83E1-093C74EF6FB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6EB521C9-B32F-4E67-A5F2-C32E773AC8A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72C55D90-67BE-4D82-8C4D-03C239806260}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{74854408-8D33-4DDC-8EF2-DF71D39247B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{75BBEA05-ECB3-40BA-A6EE-8E3ADE11253E}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{7A8DFC5C-8CEF-4E8F-A4DD-F6CE0DBA068D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7A9F7AD9-0084-4358-9ADB-062313041E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\thehunter\game\thehunter.exe |
"{7B87BCED-01B2-4037-8622-FC27C9938755}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{82CDC385-587F-420F-86BA-AC85E54FC900}" = protocol=6 | dir=in | app=c:\program files (x86)\thehunter\game\thehunter.exe |
"{8382CE81-FBD8-4B60-A644-9E84E082FBE1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EE9DB1B-D300-4E39-AACA-469CC8AB308D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{93794BF5-3F5F-4CF7-8045-BFE848891C7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{93BEE314-ED5D-4495-B450-67A758705372}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{95F0E7BC-2C61-4913-90AE-AC289EE7E97D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC9FCB5C-7457-4BA4-A3D6-4E39DA7A5D85}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{ACAF2782-F6D3-49F5-9C87-95B7507BCD88}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{B4B397EE-09C7-4A06-A389-0F7466D23EE5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5F7A057-866C-4B53-B9B0-DE2AD053ABB7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{BB28A829-1D68-48BE-87D8-4FA5FF473867}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C04456A5-8793-4AAD-8414-5C06A42E6364}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C18D7AE8-E9DB-4F78-950D-2F09E24F257C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C8BC4BA6-83F3-48FF-8ABB-355456E1DF82}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C91A3186-13C2-4B7E-98FF-3862B08076AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C9578C48-654F-4732-B6A7-C9769E9B6A40}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D6B71D93-244E-405D-9F6C-52F0D4E983E9}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{D999CFCB-27B1-4906-90DA-CE912B7B219E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9B3DDA3-381C-45DF-A0EB-E59A44FD2689}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE15C9CD-108B-40F5-9A21-A04B39ECA34B}" = protocol=6 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe |
"{DF62CFEC-3FDF-4A04-A890-460972990096}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E6D44898-F3CB-4000-8537-4F778C542C01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EBA1006D-300D-4199-ABD3-726667F0CAF7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED2D01F4-3937-40EE-8039-750747C0E2D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F11AC9B7-9BE1-40E0-9103-72A912937BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe |
"{F86E40B7-F7B6-4E1C-B2F9-600D93AA2954}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FA87C2D1-C9AB-41DF-B8B4-CCFC1A13AB3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD807764-7B6F-440D-A79D-D756882F74A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1A33704C-685D-4329-B3FF-E3ACC7FA5C7D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{1B2FFACE-441B-4185-9CD3-E22DF033EB10}C:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe |
"TCP Query User{5997B496-F69A-4977-A301-399C55ABA5F0}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"TCP Query User{5CCA414D-D864-492B-B337-93470E56BB23}C:\program files (x86)\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |
"TCP Query User{77C96C2A-DC87-4FA0-B50E-FB9EE0EE64C5}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{79C20D2E-67E8-4FC6-A971-BAB889533565}C:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe |
"TCP Query User{94DC45CB-1A19-4BCE-8263-518862DD31E3}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{9D9AFB8A-ED9E-4BD3-8414-A1BA35747FA1}C:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe |
"TCP Query User{B0C0335C-6254-45C6-A95F-B5D851518C80}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{B317A527-DBD2-4581-8A27-8CA73D04EB94}C:\users\cem\desktop\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\cem\desktop\tinyumbrella-5.11.01.exe |
"TCP Query User{B52B58FC-437C-428E-923C-C966085B227F}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"TCP Query User{D01F66ED-2D6E-4F85-9B11-7371F164247B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{F2F57854-07AF-497B-A9A3-8CEA3D867269}C:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{F9313D6A-559F-46E1-B53E-B83D1B09E328}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{3E418E72-DDDC-4B64-8D29-D3EE7BBBCC00}C:\users\cem\desktop\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\cem\desktop\tinyumbrella-5.11.01.exe |
"UDP Query User{5F926F1A-AB86-4452-8B9B-B239C8D49845}C:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex25.120\tinyumbrella-5.11.01.exe |
"UDP Query User{69B949E4-1BE9-4B43-8033-DFF7F7BE6E27}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{6FDD807A-5FC7-4763-90C2-13190297E1B8}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{74FA031C-3D5E-47F4-AF9F-73B36EC69FC0}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"UDP Query User{7D80F03D-E6FF-4557-84F7-2191405B9819}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{842ADAB3-D854-45A0-8F4B-3800D669265E}C:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\cem\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{9E9D5548-674D-4F6D-AB71-A04EA5CBF391}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{A54B3E3F-0C13-4D2F-91D6-DB618BE1316C}C:\program files (x86)\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |
"UDP Query User{AC913AC9-5C4A-4BDB-871E-2BEFE9D5A865}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{C3425FAE-EC12-4B9F-B471-D7C2D4F9490C}C:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\cem\desktop\jailbrak\tinyumbrella-5.11.01.exe |
"UDP Query User{D6AEC2D1-E2AA-44DE-AA2B-1148FBC5F283}C:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\cem\appdata\local\temp\rar$ex70.016\redsn0w_win_0.9.10b1\redsn0w.exe |
"UDP Query User{D6C37D96-B26D-431F-8915-B95392E215AE}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"UDP Query User{F3116605-CF3C-4CC2-AA91-ADD01F20AA9C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.474
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE1F1C-FD46-4A9F-B301-6EA419D34D90}" = ArcSoft Magic-i Visual Effects 2
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aMSN" = aMSN 0.98.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Foxit Reader_is1" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"ManyCam" = ManyCam 3.0.68 (remove only)
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OVH hubiC-browser" = OVH hubiC-browser
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpeedFan" = SpeedFan (remove only)
"splashtop" = VAIO Quick Web Access
"uTorrent" = µTorrent
"VAIO Help and Support" =
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2012 07:27:50 | Computer Name = Cem-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 15.08.2012 09:03:39 | Computer Name = Cem-VAIO | Source = MsiInstaller | ID = 11310
Description =
 
Error - 15.08.2012 09:27:12 | Computer Name = Cem-VAIO | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error - 15.08.2012 09:27:12 | Computer Name = Cem-VAIO | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
 
Error - 15.08.2012 09:28:09 | Computer Name = Cem-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 15.08.2012 09:52:07 | Computer Name = Cem-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 15.08.2012 10:03:00 | Computer Name = Cem-VAIO | Source = .NET Runtime | ID = 1026
Description =
 
Error - 15.08.2012 10:03:02 | Computer Name = Cem-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Software4u.IDeviceManager.exe, Version:
 1.3.0.0, Zeitstempel: 0x4fc26378  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000001
ID
 des fehlerhaften Prozesses: 0x1858  Startzeit der fehlerhaften Anwendung: 0x01cd7aee1f282ea0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: ed112b4d-e6e1-11e1-b522-78843ce8fdbd
 
Error - 15.08.2012 11:12:42 | Computer Name = Cem-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.6.3.25, Zeitstempel:
 0x4fd16377  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x80000003  Fehleroffset: 0x0001280c  ID des fehlerhaften
 Prozesses: 0x1464  Startzeit der fehlerhaften Anwendung: 0x01cd7af566a6bd2b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a895a6a8-e6eb-11e1-b522-78843ce8fdbd
 
Error - 15.08.2012 11:38:51 | Computer Name = Cem-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: updsvc.dll, Version: 2.4.32.20,
 Zeitstempel: 0x4ede864f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f8b  ID des fehlerhaften
 Prozesses: 0x8d8  Startzeit der fehlerhaften Anwendung: 0x01cd7afc0769ea3a  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 c:\windows\system32\updsvc.dll  Berichtskennung: 4f49baa7-e6ef-11e1-aa14-78843ce8fdbd
 
[ System Events ]
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1062
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 28.08.2012 09:27:30 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1062
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 28.08.2012 09:29:32 | Computer Name = Cem-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
 
< End of report >


Installed programs


Code:

Adobe AIR        Adobe Systems Inc.        03.09.2011                2.5.1.17730
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        14.08.2012        6,00MB        11.3.300.271
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        14.08.2012        6,00MB        11.3.300.271
Adobe Shockwave Player        Adobe Systems, Inc.        24.12.2011        25,7MB        11.0
Alps Pointing-device for VAIO        ALPS ELECTRIC CO., LTD.        03.09.2011               
aMSN 0.98.9                11.08.2012               
Apple Application Support        Apple Inc.        14.08.2012        61,0MB        2.1.9
Apple Mobile Device Support        Apple Inc.        14.08.2012        24,9MB        5.2.0.6
Apple Software Update        Apple Inc.        25.10.2011        2,38MB        2.1.3.127
ArcSoft Magic-i Visual Effects 2        ArcSoft        25.10.2011        69,5MB        2.0.1.142
ArcSoft Magic-i Visual Effects 2        ArcSoft        27.04.2012        68,5MB        2.0.99.136
ArcSoft WebCam Companion 4        ArcSoft        22.04.2012        81,3MB        4.0.21.484
Atheros WiFi Driver Installation        Atheros        27.12.2011                3.0
Avira Free Antivirus        Avira        15.08.2012        110MB        12.0.0.1167
Bing Bar        Microsoft Corporation        03.09.2011        24,4MB        7.0.610.0
Bluetooth Win7 Suite (64)        Atheros Communications        03.09.2011        74,5MB        7.3.0.100
Bonjour        Apple Inc.        25.10.2011        2,04MB        3.0.0.10
Browser Manager                15.08.2012               
CCleaner        Piriform        24.07.2012                3.21
Conexant HD Audio        Conexant        03.09.2011                8.54.0.53
Facebook Video Calling 1.2.0.159        Skype Limited        22.03.2012        4,76MB        1.2.159
Foxit Reader        Foxit Corporation        11.08.2012        36,1MB        5.3.1.606
Free YouTube Download version 3.0.19.1206        DVDVideoSoft Ltd.        11.12.2011        68,7MB       
FUSSBALL MANAGER 12        Electronic Arts        19.05.2012        6,58GB        1.0.0.3
Google Chrome        Google Inc.        17.03.2012                21.0.1180.83
ICQ7.6        ICQ        31.10.2011                7.6
iDevice Manager        Marx Softwareentwicklung        15.08.2012        7,40MB        1.3.0.0
Intel(R) Control Center        Intel Corporation        03.09.2011                1.2.1.1007
Intel(R) Management Engine Components        Intel Corporation        03.09.2011                7.0.0.1144
Intel(R) Processor Graphics        Intel Corporation        03.09.2011                8.15.10.2291
Intel(R) Rapid Storage Technology        Intel Corporation        03.09.2011                10.0.0.1046
iTunes        Apple Inc.        14.08.2012        420MB        10.6.3.25
Java(TM) 6 Update 22 (64-bit)        Oracle        03.09.2011        90,6MB        6.0.220
Java(TM) 6 Update 32        Oracle        14.05.2012        95,7MB        6.0.320
Kaspersky Internet Security 2012                15.08.2012               
ManyCam 3.0.68 (remove only)        ManyCam LLC        27.04.2012                3.0.68
Microsoft .NET Framework 1.1        Microsoft        03.01.2012        34,8MB        1.1.4322
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        11.02.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        03.09.2011        2,93MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        11.02.2011        51,9MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        03.09.2011        10,6MB        4.0.30319
Microsoft Office 2010        Microsoft Corporation        03.09.2011        6,31MB        14.0.4763.1000
Microsoft Office Klick-und-Los 2010        Microsoft Corporation        18.08.2012                14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch        Microsoft Corporation        18.08.2012                14.0.4763.1000
Microsoft Silverlight        Microsoft Corporation        16.05.2012        50,6MB        5.1.10411.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        24.12.2011        298KB        8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        19.01.2012        2,63MB        8.0.51011
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        27.12.2011        788KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        28.12.2011        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        23.12.2011        596KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        19.01.2012        222KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        24.12.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        01.02.2012        15,2MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.06.2012        16,6MB        10.0.40219
Mozilla Firefox 15.0 (x86 de)        Mozilla        16.08.2012        39,2MB        15.0
Mozilla Maintenance Service        Mozilla        16.08.2012        327KB        15.0
MSXML 4.0 SP3 Parser        Microsoft Corporation        03.09.2011        1,47MB        4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)        Microsoft Corporation        11.07.2012        1,53MB        4.30.2114.0
MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        27.10.2011        1,53MB        4.30.2107.0
NVIDIA PhysX        NVIDIA Corporation        09.02.2012        78,9MB        9.10.0513
OVH hubiC-browser                06.06.2012                0.3.8
PMB        Sony Corporation        03.09.2011        282MB        5.5.02.12220
QuickTime        Apple Inc.        15.12.2011        73,2MB        7.71.80.42
Realtek PCIE Card Reader        Realtek Semiconductor Corp.        03.09.2011                6.1.7600.77
Revo Uninstaller 1.94        VS Revo Group        11.08.2012                1.94
Skype™ 5.8        Skype Technologies S.A.        24.03.2012        19,0MB        5.8.158
Snagit 10.0.1        TechSmith Corporation        21.11.2011        68,8MB        10.0.1
SpeedFan (remove only)                27.08.2012               
System.Data.SQLite v1.0.81.0        System.Data.SQLite Team        15.06.2012        7,98MB        1.0.81.0
Unity Web Player        Unity Technologies ApS        30.10.2011        12,0MB       
VAIO - Media Gallery        Sony Corporation        03.09.2011                1.5.0.16020
VAIO - PMB VAIO Edition Guide        Sony Corporation        03.09.2011        72,3MB        1.6.00.06030
VAIO - PMB VAIO Edition Plug-in        Sony Corporation        03.09.2011        193MB        1.6.10.11160
VAIO - Remote Play mit PlayStation®3        Sony Corporation        03.09.2011                1.1.0.15070
VAIO - Remote-Tastatur        Sony Corporation        03.09.2011                1.0.1.03020
VAIO Care        Sony Corporation        26.11.2011                6.4.2.11150
VAIO Control Center        Sony Corporation        03.09.2011                4.5.0.03040
VAIO Data Restore Tool        Sony Corporation        03.09.2011                1.6.0.13140
VAIO Easy Connect        Sony Corporation        21.01.2012        14,6MB        1.1.2.01120
VAIO Event Service        Sony Corporation        03.09.2011                5.5.0.03040
VAIO Gate        Sony Corporation        15.05.2012                2.4.2.02200
VAIO Gate Default        Sony Corporation        03.09.2011                2.4.0.03240
VAIO Hero Screensaver - Summer 2011 Screensaver                25.10.2011               
VAIO Improvement        Sony Corporation        03.09.2011                1.0.0.14150
VAIO Improvement Validation        Sony Corporation        03.09.2011        496KB        1.0.4.01190
VAIO Quick Web Access        Sony Corporation        03.09.2011        334MB        1.4.5.3
VAIO Sample Contents        Sony Corporation        03.09.2011                1.4.2.09010
VAIO Smart Network        Sony Corporation        03.04.2012                3.8.0.08120
VAIO Update        Sony Corporation        03.04.2012                5.6.1.02150
VAIO-Handbuch        Sony Corporation        03.09.2011                2.0.0.02250
VAIO-Support für Übertragungen        Sony Corporation        03.09.2011                1.4.0.14230
VLC media player 2.0.1        VideoLAN        14.05.2012                2.0.1
Web Assistant 2.0.0.474        IncrediBar        15.08.2012        2,03MB       
Winamp        Nullsoft, Inc        07.06.2012                5.623
Winamp Erkennungs-Plug-in        Nullsoft, Inc        14.05.2012        75,0KB        1.0.0.1
Windows Live Mesh ActiveX Control for Remote Connections                11.02.2011               
Windows Media Player Firefox Plugin        Microsoft Corp        11.04.2012        296KB        1.0.0.8
Windows Mobile-Gerätecenter        Microsoft Corporation        19.12.2011        27,4MB        6.1.6965.0
WinRAR 4.01 (64-Bit)        win.rar GmbH        26.10.2011                4.01.0
µTorrent                01.11.2011                3.0.0


kira 28.08.2012 15:13

That doesn't look good, you presumably have "Mediyes" on your computer!
I think we first need to check:

Lanmanworkstation check

To test whether your computer is infected by the virus that redirects the services Arbeitsstationsdienst (Workstation service) and DNS-Client to malicious files, please run the following quick test:

Download LanmanCheck.exe and save it to your desktop.
Run the file and have the information displayed by answering the question with "Ja" (Yes).
A message box opens that tells you whether the computer is infected or not and, if so, what to do.
In both cases, select the contents of the message box and copy the text here into the thread.

thugtr1905 28.08.2012 15:16

So I can run the file LanmanCheck.exe; this error comes up:
LL im Lanmanworkstation Schlüssel:
Geladene DLL:
Signatur der DLL:
Rückgabe der Signaturermittlung: Das System kann die angegebene Datei nicht finden.
MD5 der DLL:

DLL im Dnscache Schlüssel: %SystemRoot%\System32\dnsrslvr.dll
Geladene DLL: C:\Windows\System32\dnsrslvr.dll
Signatur der DLL: Microsoft Windows
Rückgabe der Signaturermittlung: Der Vorgang wurde erfolgreich beendet.
MD5 der DLL: 16835866AAA693C7D7FCEBA8FFF706E4

Der Lanmanworkstation Schlüssel konnte nicht ausgelesen werden oder ist nicht vorhanden!
Die im Dnscache Schlüssel angegebenen DLL ist scheinbar nicht von Microsoft signiert - das könnte unter Umständen auf eine Infektion hindeuten!
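
Added example, not part of the thread and not LanmanCheck's own code: a Python parser for a report in the format pasted above that checks each service block on its own fields (configured ServiceDll, resolved path, signer, MD5). The expected ServiceDll defaults (wkssvc.dll, dnsrslvr.dll), the function names and the rule set are assumptions of this example.

```python
import re

# Default ServiceDll values on a stock Windows install (assumption of this
# example, not stated in the thread), lower-cased for comparison.
EXPECTED_SERVICE_DLL = {
    "lanmanworkstation": r"%systemroot%\system32\wkssvc.dll",
    "dnscache": r"%systemroot%\system32\dnsrslvr.dll",
}

# Block header, e.g. "DLL im Dnscache Schlüssel: <path>". The leading "D" is
# optional because the first line of the pasted report lost it.
HEADER = re.compile(r"^D?LL im (\w+) Schlüssel:\s*(.*)$")
FIELDS = {
    "Geladene DLL": "loaded",
    "Signatur der DLL": "signer",
    "Rückgabe der Signaturermittlung": "sig_status",
    "MD5 der DLL": "md5",
}

# Report text as pasted in the post above.
SAMPLE_REPORT = r"""LL im Lanmanworkstation Schlüssel:
Geladene DLL:
Signatur der DLL:
Rückgabe der Signaturermittlung: Das System kann die angegebene Datei nicht finden.
MD5 der DLL:

DLL im Dnscache Schlüssel: %SystemRoot%\System32\dnsrslvr.dll
Geladene DLL: C:\Windows\System32\dnsrslvr.dll
Signatur der DLL: Microsoft Windows
Rückgabe der Signaturermittlung: Der Vorgang wurde erfolgreich beendet.
MD5 der DLL: 16835866AAA693C7D7FCEBA8FFF706E4

Der Lanmanworkstation Schlüssel konnte nicht ausgelesen werden oder ist nicht vorhanden!
"""


def parse_report(text):
    """Split the report into one dict of fields per service block."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = HEADER.match(line)
        if match:
            current = {"service_dll": match.group(2).strip(), "loaded": "",
                       "signer": "", "sig_status": "", "md5": ""}
            blocks[match.group(1).lower()] = current
            continue
        # Split on the first colon only, so "C:\..." stays in the value.
        label, sep, value = line.partition(":")
        if current is not None and sep and label in FIELDS:
            current[FIELDS[label]] = value.strip()
    return blocks


def evaluate(blocks):
    """Return {service: [issues]}; an empty list means the block looks clean."""
    findings = {}
    for service, expected in EXPECTED_SERVICE_DLL.items():
        block = blocks.get(service)
        if block is None:
            findings[service] = ["no block for this service in the report"]
            continue
        issues = []
        configured = block["service_dll"].lower()
        if not configured:
            issues.append("ServiceDll value empty or unreadable")
        elif configured != expected:
            issues.append("ServiceDll points to " + block["service_dll"])
        dll_name = expected.rsplit("\\", 1)[1]
        if not block["loaded"].lower().endswith("\\system32\\" + dll_name):
            issues.append("resolved DLL is not System32\\" + dll_name)
        if block["signer"] != "Microsoft Windows":
            issues.append("signer is not 'Microsoft Windows'")
        if not re.fullmatch(r"[0-9A-Fa-f]{32}", block["md5"]):
            issues.append("no MD5 recorded")
        findings[service] = issues
    return findings


if __name__ == "__main__":
    for service, issues in evaluate(parse_report(SAMPLE_REPORT)).items():
        print(service, "->", issues or "clean")
```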

kira 28.08.2012 18:11

Unfortunately the suspected diagnosis has been confirmed, so only one option remains, namely that you have to reinstall Windows.
It is extremely difficult to find, follow and reliably remove all traces. The symptoms vary widely, and the infection often goes unnoticed for several weeks or even months.
Setting the PC up again may take only a few hours, and the hard disk is then 100% free of viruses or other malware!

Tips & advice:

1.
Data backup:
► Back up ONLY data that contains no executable files - File extensions - This is a list of file extensions that can denote files with executable code.
- Be careful with the files already present on the externally stored data, and also about making a backup now of files infected with the virus
- It is best to back up everything that is very important to you separately (externally) - do not mix it with data possibly backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then reinstall it on the freshly set-up system!

2.
-> Guide: Reinstalling the system + hardening
-> Guide to reinstalling - Windows XP, Vista and Win7

3.
- Before restoring - before you go directly online with your PC...:
- disable/switch off the Autoplay function for all drives -> Switch off Autorun/Autoplay selectively for drive types or drive letters

Scan the data backed up to an external hard disk thoroughly from a clean system, ideally with several scanners -> Free online scanners - guide
Highly recommended scanners:
Quote:

Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check
The online scanners are all purely on-demand scanners. They scan individual files or directories, or optionally the entire hard disk, and have no background guard or other resident processes. As a result they consume no resources apart from disk space, and any number of them can be installed at the same time. The online scanners are well suited for getting a second opinion.

4.
As a precaution I would advise you to change your password
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (one should really change it at regular intervals, roughly every 3-5 months)
also here under: Secure password (Password)

thugtr1905 28.08.2012 18:44

First of all, thank you very much for all your efforts. Well, I would like to consider reinstalling only as a last resort.. Don't you recommend any other option?? Doing it the harder way??

kira 28.08.2012 19:37

Quote:

Quote from thugtr1905 (post 902210)
Well, I would like to consider reinstalling only as a last resort..

Unfortunately you have no other choice at all, since using all the means available to us is not enough in this case! Here, outside interference by other people is taking place right now!

thugtr1905 28.08.2012 19:39

Okay, would it make sense to move important files to a partition, since I have no external storage available? And how does it work, do I have to create a recovery disc in order to format??

kira 28.08.2012 20:30

There is always something that can go wrong, and whether something gets "moved along" that actually shouldn't be...

