Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bei Klick in Google kommen Werbeseiten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.12.2012, 14:34   #1
yasmin79
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



Hallo ich bitte euch um Hilfe, jedesmal bei klick in Google kommen irgenwelche
Werbeseiten.
Malewarebytes habe ich durchgeführt, report füge ich bei. Danke Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.29.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
özlem :: SIPSAK [Administrator]

Schutz: Aktiviert

29.12.2012 15:17:43
mbam-log-2012-12-29 (15-17-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257448
Laufzeit: 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 20
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\özlem\AppData\Local\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\özlem\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\özlem\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 29.12.2012, 16:31   #2
yasmin79
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



hier ist quickscan von OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12/29/2012 5:02:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\özlem\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.45% Memory free
7.60 Gb Paging File | 5.58 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 546.25 Gb Total Space | 475.98 Gb Free Space | 87.14% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 24.92 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
 
Computer Name: SIPSAK | User Name: özlem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/12/29 16:56:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\özlem\Downloads\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/12 00:32:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2012/10/03 13:26:12 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/08/09 14:30:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/30 17:03:22 | 003,460,760 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
PRC - [2012/05/09 14:50:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/09 14:50:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/05 09:40:32 | 002,898,432 | ---- | M] (Ginger Software) -- C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/29 05:07:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/10/27 13:00:48 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/10/27 12:59:10 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/06 13:31:34 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe
PRC - [2010/09/06 13:29:36 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\Avea Jet Mobil Modem\AssistantServices.exe
PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2010/05/25 09:37:36 | 000,253,440 | ---- | M] (Cybits AG) -- C:\Program Files (x86)\KSS-fragFINN\AutoUpdaterService.exe
PRC - [2010/05/21 09:21:12 | 001,046,016 | ---- | M] () -- C:\Program Files (x86)\KSS-fragFINN\cy-Software.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/28 00:27:00 | 000,010,856 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010/09/06 13:31:34 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe
MOD - [2010/05/21 09:21:12 | 001,046,016 | ---- | M] () -- C:\Program Files (x86)\KSS-fragFINN\cy-Software.exe
MOD - [2010/05/21 09:20:44 | 000,794,112 | ---- | M] () -- C:\Program Files (x86)\KSS-fragFINN\cy_Software.dll
MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\ProgramData\Babylon\sqlite3.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/10/03 13:26:12 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater Updater)
SRV:64bit: - [2012/10/02 16:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 14:32:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 14:50:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 14:50:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/21 06:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/12/06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010/10/27 13:00:48 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/10/27 12:59:10 | 000,236,136 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/06 13:29:36 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Avea Jet Mobil Modem\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/05/25 09:37:36 | 000,253,440 | ---- | M] (Cybits AG) [verify-U]-Updater) [verify-U]-Updater-Service [Auto | Running] -- C:\Program Files (x86)\KSS-fragFINN\AutoUpdaterService.exe -- ([verify-U]-Updater)
SRV - [2010/05/21 09:32:36 | 000,198,656 | ---- | M] (Cybit AG) [verify-U]) [verify-U]-Service [Auto | Stopped] -- C:\Program Files (x86)\KSS-fragFINN\cy-Service.exe -- ([verify-U])
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/09 14:50:35 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/09 14:50:35 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/06 08:11:43 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/29 05:07:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/28 00:27:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/09/30 13:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 13:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 15:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/05/24 15:46:36 | 000,246,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/04 17:53:02 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/02 13:25:26 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/02/27 04:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/12/10 19:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/10/29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/10/29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/10/29 18:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/10/15 14:02:22 | 000,016,128 | ---- | M] (Cybits AG) [verify-U]_System) [verify-U]_System [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\cy-driver.sys -- ([verify-U]_System)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0E982592-7741-4522-B3C7-CCB87237D1FB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&affID=110900&tt=3412_1
IE - HKCU\..\SearchScopes\{317051D6-6951-4D0E-A0D8-6CBAAE5A7259}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb192/?search={searchTerms}&loc=IB_DS&a=6PQNHMXsSo&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012/10/25 14:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/10/25 14:11:06 | 000,000,000 | ---D | M]
 
[2012/10/25 14:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=110900&tt=3412_1&babsrc=SP_def&mntrId=ca8fa2890000000000007e6d620ee1ad
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\\u00F6zlem\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\\u00F6zlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Translator = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
CHR - Extension: IB Updater = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.534_0\
CHR - Extension: Skype Click to Call = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKCU..\Run: [Cyryiw] rundll32 "C:\Users\özlem\AppData\Roaming\OpenCLB.dll",Lnfcxvy File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {40C6A941-24A0-4CAD-98D2-018E9584BEDC} hxxp://download.talkyroom.com/talkyldr.cab (TalkyRoom)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B215AABE-DE07-45A6-9ECB-EAC004B70B27}: DhcpNameServer = 212.65.128.2 212.65.129.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BEC6CA-6CB9-41F2-814D-28C04FDB7390}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8f9a3683-ca69-11e0-be44-485d60d3a837}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9a3683-ca69-11e0-be44-485d60d3a837}\Shell\AutoRun\command - "" = F:\windows\Install.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\windows\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/29 15:16:22 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Roaming\Malwarebytes
[2012/12/29 15:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/29 15:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/29 15:16:13 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/29 15:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/29 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\Programs
[2012/12/29 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{917C13C5-7166-4674-A951-951D4A595036}
[2012/12/27 21:04:35 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{9832F7EA-3420-49D9-9E4F-38B6F8868D72}
[2012/12/20 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{86746C54-8E65-4830-869C-61336F09DBC5}
[2012/12/20 08:49:55 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{0425E1F3-3BC6-472C-A767-472D247EB3CD}
[2012/12/19 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{BDBB63AB-84E9-4231-912B-6E7B199DF3A5}
[2012/12/18 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{A5CCA7BD-A616-48D5-B437-9B80C64427F7}
[2012/12/17 21:41:20 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{55F04605-761B-425C-B0AF-9593B532BEFA}
[2012/12/17 00:03:30 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{B4CD184A-5F79-4E33-BA7A-1F5C81A81D66}
[2012/12/16 14:42:04 | 000,000,000 | ---D | C] -- C:\Users\özlem\Desktop\arda sunshine
[2012/12/16 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\özlem\Desktop\alican sunshine
[2012/12/16 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{A26EFFA1-E0DB-4D3C-B9F9-A8268FF1FBD5}
[2012/12/14 12:56:53 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{4A565EC5-AE0D-4951-892D-8F0E218D8172}
[2012/12/13 23:16:26 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{A9D09B50-1AFC-4180-8A2C-CE250CFD73D8}
[2012/12/12 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{6A268DEE-81CF-4123-8B7F-5B2D1886F0C7}
[2012/12/11 15:51:18 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{D39AC342-ECB1-4423-8784-F31E7619B8B1}
[2012/12/10 22:54:07 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{86434326-26FD-4EFB-9F37-31840E1CAD1B}
[2012/12/08 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{5E786E41-FA05-4A2D-83A6-F42676525BE4}
[2012/12/07 23:27:02 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{FDF95F98-7A78-45F7-908E-9FE33C0C7170}
[2012/12/05 16:40:09 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{332C88DD-DFE3-4AB9-B323-E808C918AAE9}
[2012/12/04 00:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/04 00:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/12/04 00:06:47 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{CF921909-9C1F-4F96-9B6F-B1AAD83F02F7}
[2012/12/02 15:11:07 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{BE14CF0D-38A9-44AE-9212-B88432BA23A1}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/29 17:00:43 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 17:00:43 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 16:52:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/29 16:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/29 16:52:07 | 3061,911,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/29 16:51:17 | 000,000,020 | ---- | M] () -- C:\Users\özlem\defogger_reenable
[2012/12/29 16:40:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-778098445-3130377673-3491379081-1005UA.job
[2012/12/29 16:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/29 16:08:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/29 15:16:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/29 13:39:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-778098445-3130377673-3491379081-1005Core.job
[2012/12/24 15:28:08 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/24 15:28:08 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/24 15:28:08 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/24 15:28:08 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/24 15:28:08 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/21 12:52:40 | 000,289,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/14 00:09:35 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/04 00:21:52 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/29 16:51:16 | 000,000,020 | ---- | C] () -- C:\Users\özlem\defogger_reenable
[2012/12/29 15:16:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/28 17:56:04 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/14 17:02:01 | 000,000,044 | ---- | C] () -- C:\Users\özlem\.edu.xtec.properties
[2011/04/06 22:52:21 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/12 13:10:28 | 000,000,680 | RHS- | C] () -- C:\Users\özlem\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/08/21 22:11:08 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\Babylon
[2011/03/20 11:16:23 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\BullGuard
[2012/06/10 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\DVDVideoSoft
[2011/07/25 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/11/03 00:14:34 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\eType
[2012/04/07 08:17:36 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\ImgBurn
[2012/10/04 14:30:46 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\Phase6
[2012/12/20 09:40:39 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\SoftGrid Client
[2011/03/20 11:16:23 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\Software Inspection Library
[2011/04/06 22:53:28 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\TP
[2011/05/08 12:46:07 | 000,000,000 | ---D | M] -- C:\Users\özlem\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
und ExtraOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12/29/2012 5:02:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\özlem\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.45% Memory free
7.60 Gb Paging File | 5.58 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 546.25 Gb Total Space | 475.98 Gb Free Space | 87.14% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 24.92 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
 
Computer Name: SIPSAK | User Name: özlem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0B918E61-C49A-4F7D-8AA6-7E30992351B3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{112FD7F5-A116-46AC-B6CA-574C605B9DF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{12257570-47E5-4B90-AD5A-8D0EF0A43E00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{17A7BF2D-C311-42F1-A142-FC3D85345E0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1DA0E94D-7DB7-449B-9742-15A2FC2EA199}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{29C8FF4E-B693-406D-BD25-5B4AB39F9FFA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2ED214F6-0B36-49A0-9E96-564CC921F1FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{306A0AEF-6939-45A9-B0B2-B71D9786812B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3E3EBEE1-3A3C-4746-A8ED-60B237372F70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B5D24DD-42C6-4919-B55C-C68B9DFB7C2C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5854C3E0-853D-42FD-92C4-8C97ABC72FB5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A5EB787-C42E-4C70-A8DB-21F5965AE5CE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8834ABE0-5506-40EB-93A1-1C590109556F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8892EEDF-4FB2-4953-B564-6B12FAB75EB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C9EA292-3AC6-4FC4-93E8-02B84FB6E6AE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{971A2501-43A7-4EB8-9D84-6EADF76DD45C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9AF621B7-0C81-41E9-A487-551C0FB46AE5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A19FD8E5-96E2-4B05-87E6-5798B469D6BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8B5CD0D-BCC7-48F9-86D5-740C6FE93D1E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C0941892-A177-4F0F-A44E-B40D98C13A85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9DE7748-50C6-4289-A130-DE203DBD72E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC740CAD-AC83-4827-B9E0-95E0EBA3F056}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D28BD8DA-95B7-41E1-8650-FD5539BEE528}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE85604A-0794-4116-A963-CA6C2A2C6248}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DE8B9542-F7C1-406C-9B6F-90B93F186AEA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E24EC4E7-EABF-429B-BA0C-40107D9963F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E88D95A2-39BE-4D0A-9AFE-CBA34C58F6A5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E9B06A87-5B83-4BCB-B81C-76B6F22FA27F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE9AFBCC-47D0-42A8-901F-F7F557DD9796}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF194D91-2394-4C49-BAB0-FABBB3BB2350}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1428F57-7CD6-4E8A-8867-8C5BCE2C3598}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E4E8AE-1DCA-4457-8138-932BA8E237F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{018209D7-7908-466B-BED7-E8AF1B598B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{0864561B-83A9-4692-B7AD-800AE06B9E71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B504747-BEAD-4CBB-B7C0-00CD4944AD18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0DC23DE5-FF83-42C2-A303-7E5E6EA8F735}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{1A910C47-FC4A-49E7-B6C7-8D933585319D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{1B34F7D0-B30F-4AF8-8657-5E3BE9119543}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1C92B995-DB9B-453D-87A4-84A48A08280B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2010C135-2C18-4A02-A023-2408898824B4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{241D3DC5-D92D-46E6-8D7C-E137843328E1}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{29D9A72C-EE9D-4B40-BB78-9FD8263980AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2CBC1BFD-2E5C-49A4-B582-D1CC79CA9631}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FCA36DE-3BD8-4A8E-845F-60693DBB1E59}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{304689B3-6EBA-4AD1-B760-5E8CA241872E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{33B7496A-35E0-4035-B7E9-0D8227BA2CD1}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{47E8B380-FB68-432D-9270-E0DC23F9F7DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EC8A141-4525-4E0B-A3C5-2D68E5DD2E89}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{51C3572A-2F52-42C3-BB01-CEA3C0664038}" = protocol=58 | dir=in | app=system | 
"{59FDCBF0-EB0B-4DE4-8E2E-52B3701DDF34}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{5DC4E02A-D5D7-4A78-808A-BF2E3B7038D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60BD55EA-5D7F-474A-B66C-3B7A385E7843}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{78D5C9ED-B08A-4633-9D27-4187ED42B2E6}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{826AD2A0-D501-4531-B1EA-11D2A19E9E7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85FC4BBC-6FB2-48A7-AC33-2CEA9E4DE087}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{87D017F4-4174-4F60-8481-D7AF595986BA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{8F2EA23B-738C-40E3-A62C-4A5780A28625}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{93054332-584D-4B91-9073-CA319DA3FD2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9710D6B9-5518-401E-8AE1-D2CBEDBA3081}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8279752-2D83-4BD8-A2D8-E59C2DA9F783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B307F381-9660-4AA5-B84B-51AFD4AA779B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B66D977B-41D7-4740-A88E-ACF78FF8A9C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6D89175-00DB-4584-86C6-C25E8C9F320C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BBC0C339-CE64-457B-A4DC-14EA7FE026D0}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{BDFF778C-6E43-4F7B-BF7D-BB052E8E066E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe | 
"{C14ECDAF-68A3-43A4-8FC4-9DFC93A48D60}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C2037CD7-2B8C-4E6F-8769-CAC81F6BC079}" = protocol=6 | dir=out | app=system | 
"{D0670AE8-0BFD-4B22-9C97-6D9375BE94A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DFCC4ED1-50EB-4B24-A9D0-F8AF513F6A97}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E55DA571-EE7C-4339-A6B8-8CA3DB379EE7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F33AC8D2-E1AF-4B81-B42E-6A1F98CE3A3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4B9A2F7-0C2F-4008-A27F-4BB7AA9F54A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F99342E7-89F3-4E83-915D-035B12DD9B91}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{9EC4C164-B938-4FA9-BDF3-AB7D8320C685}C:\users\alican\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\alican\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{E83B65E1-32D5-4634-9026-7AE195771301}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{F3956119-C811-4191-9EAA-16EEF81FA01E}C:\program files (x86)\rockstar games\midnight club ii\mc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\midnight club ii\mc2.exe | 
"UDP Query User{2427084E-67B2-40F6-8469-A968A385AA85}C:\program files (x86)\rockstar games\midnight club ii\mc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\midnight club ii\mc2.exe | 
"UDP Query User{47026DC5-3811-4A81-97EF-594B2DA3DA0F}C:\users\alican\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\alican\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{D971C1F9-05C4-4661-849D-B95ED27C127F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D2596F8-5EDD-4F8A-BA88-734E5549DD72}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.534
"{3F2A8756-C008-43D7-8E1D-7300AA394549}" = Windows Live Family Safety
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{48491B19-3759-428B-9560-7AE4697B8FFF}" = Windows Live Family Safety
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AAE97E7E-B3A6-42BA-ADA5-04A0E6FD7224}" = Windows Live Family Safety
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CE6D49CE-ED18-47E1-8449-037BC7181450}" = Windows Live Family Safety
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{F71F4E15-C711-4010-B1BD-74EE2618B86F}" = Windows Live Family Safety
"{FD41A335-9425-44CB-B1D6-E657C52F7DC6}" = Windows Live Family Safety
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"WNLT" = IB Updater Service
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{307702F6-FD2C-484A-8F2E-A1DCE85FD9CC}_is1" = 2weistein
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Avea Jet Mobil Modem
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F3856E7C-AD71-48E1-9A95-6D7E7FCB164A}" = Midnight Club II
"{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}" = Messenger kísérő
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"Babylon" = Babylon
"conduitEngine" = Conduit Engine 
"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.7.608
"Free Studio_is1" = Free Studio version 5.1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"KSS-fragFINN" = KSS-fragFINN 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"phase-6" = phase-6 2.3.0
"SpeakyChat" = SpeakyChat-VoiceChat
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC classic" = VLC classic
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/27/2012 4:38:54 PM | Computer Name = sipsak | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9781
 
Error - 6/27/2012 4:38:55 PM | Computer Name = sipsak | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/27/2012 4:38:55 PM | Computer Name = sipsak | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10826
 
Error - 6/27/2012 4:38:55 PM | Computer Name = sipsak | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10826
 
Error - 6/27/2012 4:40:03 PM | Computer Name = sipsak | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/27/2012 4:40:03 PM | Computer Name = sipsak | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 79201
 
Error - 6/27/2012 4:40:03 PM | Computer Name = sipsak | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 79201
 
Error - 7/2/2012 4:50:32 PM | Computer Name = sipsak | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 5.9.1.44062,
 Zeitstempel: 0x4fce1501  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00ce00c4  ID des fehlerhaften
 Prozesses: 0x688  Startzeit der fehlerhaften Anwendung: 0x01cd5893ecca07d3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Updater\Updater.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 8fffe4e2-c487-11e1-b1dd-00262dc4919e
 
Error - 7/10/2012 1:12:40 PM | Computer Name = sipsak | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WButton.exe, Version: 1.0.9.4, Zeitstempel:
 0x4c1efc99  Name des fehlerhaften Moduls: WButton.exe, Version: 1.0.9.4, Zeitstempel:
 0x4c1efc99  Ausnahmecode: 0x40000015  Fehleroffset: 0x0003c171  ID des fehlerhaften Prozesses:
 0x490  Startzeit der fehlerhaften Anwendung: 0x01cd5ebefacf4bb2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Launch Manager\WButton.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Launch Manager\WButton.exe  Berichtskennung: 73974602-cab2-11e1-a5ff-00262dc4919e
 
Error - 7/14/2012 6:37:14 PM | Computer Name = sipsak | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: bd0    Startzeit: 01cd6210fd7023de    Endzeit: 0    Anwendungspfad: C:\Program
 Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
[ Media Center Events ]
Error - 3/27/2011 11:48:18 AM | Computer Name = özlem-PC | Source = MCUpdate | ID = 0
Description = 17:48:17 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 3/27/2011 11:49:16 AM | Computer Name = özlem-PC | Source = MCUpdate | ID = 0
Description = 17:49:00 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 8/27/2011 4:35:44 PM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 22:35:44 - Fehler beim Herstellen der Internetverbindung.  22:35:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/27/2011 4:35:52 PM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 22:35:49 - Fehler beim Herstellen der Internetverbindung.  22:35:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/4/2011 9:51:35 AM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 15:51:35 - Fehler beim Herstellen der Internetverbindung.  15:51:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/4/2011 9:51:41 AM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 15:51:41 - Fehler beim Herstellen der Internetverbindung.  15:51:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/4/2011 9:51:53 AM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 15:51:47 - Fehler beim Herstellen der Internetverbindung.  15:51:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/4/2011 9:51:53 AM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 15:51:40 - Fehler beim Herstellen der Internetverbindung.  15:51:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/7/2011 7:39:51 PM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 00:39:51 - Fehler beim Herstellen der Internetverbindung.  00:39:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/7/2011 7:39:57 PM | Computer Name = sipsak | Source = MCUpdate | ID = 0
Description = 00:39:56 - Fehler beim Herstellen der Internetverbindung.  00:39:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 12/29/2012 9:44:33 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 12/29/2012 10:02:41 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 12/29/2012 10:35:57 AM | Computer Name = sipsak | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\cy-driver.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 12/29/2012 10:36:49 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 12/29/2012 10:36:50 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7023
Description = Der Dienst "[verify-U]-Service" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 12/29/2012 11:52:04 AM | Computer Name = sipsak | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\cy-driver.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 12/29/2012 11:53:08 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 watchmi service erreicht.
 
Error - 12/29/2012 11:53:08 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 12/29/2012 11:53:21 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7023
Description = Der Dienst "[verify-U]-Service" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 12/29/2012 11:53:29 AM | Computer Name = sipsak | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
 
< End of report >
         
--- --- ---
__________________


Alt 29.12.2012, 16:53   #3
M-K-D-B
/// TB-Ausbilder
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.







Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen und mit dem Scan beginnen.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.





Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Warum ist das Service Pack 1 für Windows 7 nicht installiert?
Welche Art von Werbeseiten werden angezeigt?
Tritt das Problem sowohl im IE als auch in Chrome auf?






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von ComboFix,
  • die Beantwortung der gestellten Fragen.
__________________
__________________

Alt 29.12.2012, 17:51   #4
yasmin79
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



Hallo danke erstmal für die Hilfe, ich poste schon mal vom adwcleaner
# AdwCleaner v2.104 - Datei am 29/12/2012 um 18:38:41 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : özlem - SIPSAK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\özlem\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IBUpdaterService

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Public\Desktop\Babylon.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Gelöscht mit Neustart : C:\Program Files\IB Updater
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files (x86)\incredibar.com
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\alican\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\alican\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Ordner Gelöscht : C:\Users\alican\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\alican\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\alican\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\alican\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\alican\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\alican\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\özlem\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\özlem\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\özlem\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\özlem\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\özlem\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\özlem\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\özlem\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\özlem\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\özlem\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\özlem\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\ZLEM~1\AppData\Local\Temp\Babylon
Ordner Gelöscht : C:\Users\ZLEM~1\AppData\Local\Temp\BabylonToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\I Want This
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E93184A1-3335-480C-A9DE-34EC452BD322}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E93184A1-3335-480C-A9DE-34EC452BD322}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22A72EBD-38C4-426B-AF79-37118077EBF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B51951D5-153C-48E4-9FAF-FA6C7800B538}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBAAFBA0-3346-4E16-A0D8-54F93B884AC1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.48] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gelöscht [l.51] : keyword = "babylon.com",
Gelöscht [l.54] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110900&tt=3412_1&babsrc=SP_def[...]

Datei : C:\Users\alican\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.35] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gelöscht [l.38] : keyword = "babylon.com",
Gelöscht [l.41] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&affID=110900&tt=3412_1[...]

*************************

AdwCleaner[S1].txt - [24005 octets] - [29/12/2012 18:38:41]

########## EOF - C:\AdwCleaner[S1].txt - [24066 octets] ##########

Alt 29.12.2012, 18:17   #5
M-K-D-B
/// TB-Ausbilder
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



Servus,


ok, fehlen noch die Logdateien von JRT und ComboFix sowie die Beantwortung der gestellten Fragen.

__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 30.12.2012, 15:47   #6
yasmin79
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



so jetzt einmal JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.2 (12.29.2012:3)
OS: Windows 7 Home Premium x64
Ran by ”zlem on 30.12.2012 at 16:03:51,58
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\”zlem\appdata\local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Folder] C:\Users\”zlem\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.12.2012 at 16:12:36,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und jetzt Combofix
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-30.01 - özlem 30.12.2012  16:21:06.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3893.2197 [GMT 1:00]
ausgeführt von:: c:\users\÷zlem\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-28 bis 2012-12-30  ))))))))))))))))))))))))))))))
.
.
2012-12-30 15:06 . 2012-12-30 15:06	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EFD95CA-9AE6-4AB4-BF8D-918156C4FFDB}\offreg.dll
2012-12-30 15:02 . 2012-12-30 15:02	--------	d-----w-	c:\windows\ERUNT
2012-12-30 15:02 . 2012-12-30 15:07	--------	d-----w-	C:\JRT
2012-12-30 14:55 . 2012-12-30 14:56	--------	d-----w-	c:\users\özlem\AppData\Local\{646B33CA-3071-41EB-80C2-4F1E63DFD84D}
2012-12-29 14:16 . 2012-12-29 14:16	--------	d-----w-	c:\users\özlem\AppData\Roaming\Malwarebytes
2012-12-29 14:16 . 2012-12-29 14:16	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-29 14:16 . 2012-12-29 14:16	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-29 14:16 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-29 14:15 . 2012-12-29 14:15	--------	d-----w-	c:\users\özlem\AppData\Local\Programs
2012-12-29 13:46 . 2012-12-29 13:46	--------	d-----w-	c:\users\özlem\AppData\Local\{917C13C5-7166-4674-A951-951D4A595036}
2012-12-28 19:26 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EFD95CA-9AE6-4AB4-BF8D-918156C4FFDB}\mpengine.dll
2012-12-27 20:04 . 2012-12-27 20:05	--------	d-----w-	c:\users\özlem\AppData\Local\{9832F7EA-3420-49D9-9E4F-38B6F8868D72}
2012-12-21 11:35 . 2012-12-16 16:52	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 11:35 . 2012-12-16 14:25	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 11:35 . 2012-12-16 14:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 11:35 . 2012-12-16 14:25	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 20:22 . 2012-12-20 20:22	--------	d-----w-	c:\users\özlem\AppData\Local\{86746C54-8E65-4830-869C-61336F09DBC5}
2012-12-20 07:49 . 2012-12-20 07:50	--------	d-----w-	c:\users\özlem\AppData\Local\{0425E1F3-3BC6-472C-A767-472D247EB3CD}
2012-12-19 15:08 . 2012-12-19 15:08	--------	d-----w-	c:\users\özlem\AppData\Local\{BDBB63AB-84E9-4231-912B-6E7B199DF3A5}
2012-12-18 14:49 . 2012-12-18 14:50	--------	d-----w-	c:\users\özlem\AppData\Local\{A5CCA7BD-A616-48D5-B437-9B80C64427F7}
2012-12-17 20:41 . 2012-12-17 20:41	--------	d-----w-	c:\users\özlem\AppData\Local\{55F04605-761B-425C-B0AF-9593B532BEFA}
2012-12-16 23:03 . 2012-12-16 23:03	--------	d-----w-	c:\users\özlem\AppData\Local\{B4CD184A-5F79-4E33-BA7A-1F5C81A81D66}
2012-12-16 11:03 . 2012-12-16 11:03	--------	d-----w-	c:\users\özlem\AppData\Local\{A26EFFA1-E0DB-4D3C-B9F9-A8268FF1FBD5}
2012-12-14 11:56 . 2012-12-14 11:57	--------	d-----w-	c:\users\özlem\AppData\Local\{4A565EC5-AE0D-4951-892D-8F0E218D8172}
2012-12-13 22:16 . 2012-12-13 22:16	--------	d-----w-	c:\users\özlem\AppData\Local\{A9D09B50-1AFC-4180-8A2C-CE250CFD73D8}
2012-12-13 00:45 . 2012-11-14 06:04	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-12-12 22:18 . 2012-11-09 05:34	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 13:17 . 2012-12-12 13:17	--------	d-----w-	c:\users\özlem\AppData\Local\{6A268DEE-81CF-4123-8B7F-5B2D1886F0C7}
2012-12-11 14:51 . 2012-12-11 14:51	--------	d-----w-	c:\users\özlem\AppData\Local\{D39AC342-ECB1-4423-8784-F31E7619B8B1}
2012-12-10 21:54 . 2012-12-10 21:54	--------	d-----w-	c:\users\özlem\AppData\Local\{86434326-26FD-4EFB-9F37-31840E1CAD1B}
2012-12-08 17:24 . 2012-12-08 17:25	--------	d-----w-	c:\users\özlem\AppData\Local\{5E786E41-FA05-4A2D-83A6-F42676525BE4}
2012-12-07 22:27 . 2012-12-07 22:27	--------	d-----w-	c:\users\özlem\AppData\Local\{FDF95F98-7A78-45F7-908E-9FE33C0C7170}
2012-12-05 15:40 . 2012-12-05 15:40	--------	d-----w-	c:\users\özlem\AppData\Local\{332C88DD-DFE3-4AB9-B323-E808C918AAE9}
2012-12-03 23:21 . 2012-12-03 23:21	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-12-03 23:06 . 2012-12-03 23:07	--------	d-----w-	c:\users\özlem\AppData\Local\{CF921909-9C1F-4F96-9B6F-B1AAD83F02F7}
2012-12-02 14:11 . 2012-12-02 15:05	--------	d-----w-	c:\users\özlem\AppData\Local\{BE14CF0D-38A9-44AE-9212-B88432BA23A1}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 00:48 . 2010-07-07 15:49	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-12 13:32 . 2012-07-15 14:18	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 13:32 . 2011-06-21 13:12	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 21:20 . 2012-12-02 15:19	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-12-02 15:19	347648	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-12-02 15:19	559104	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-04 16:45 . 2012-12-12 22:18	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-02 15:20 . 2012-10-25 13:11	1261936	----a-w-	c:\windows\system32\dmwu.exe
2012-10-02 15:19 . 2012-10-25 13:11	35328	----a-w-	c:\windows\system32\ImHttpComm.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2010-10-29 136488]
"UIExec"="c:\program files (x86)\Avea Jet Mobil Modem\UIExec.exe" [2010-09-06 139088]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
KSS-fragFINN Verwaltung.lnk - c:\program files (x86)\KSS-fragFINN\cy-Software.exe [2010-5-21 1046016]
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2012-7-17 724992]
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-3-10 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-20 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-04-06 834544]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-10-27 24680]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-27 236136]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Avea Jet Mobil Modem\AssistantServices.exe [2010-09-06 253264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-10-29 31088]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1098784]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 13:32]
.
2012-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-778098445-3130377673-3491379081-1005Core.job
- c:\users\alican\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 11:34]
.
2012-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-778098445-3130377673-3491379081-1005UA.job
- c:\users\alican\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 11:34]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 11:04]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-02 11465320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-02 2120808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
DPF: {40C6A941-24A0-4CAD-98D2-018E9584BEDC} - hxxp://download.talkyroom.com/talkyldr.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Cyryiw - c:\users\özlem\AppData\Roaming\OpenCLB.dll
Wow6432Node-HKLM-Run-LMgrOSD - c:\program files (x86)\Launch Manager\OSDCtrl.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-BsScanner
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-30  16:31:58
ComboFix-quarantined-files.txt  2012-12-30 15:31
.
Vor Suchlauf: 10 Verzeichnis(se), 511.678.300.160 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 512.066.576.384 Bytes frei
.
- - End Of File - - 7B5A61B6486D9121AF7AC4C941132AF3
         
--- --- ---
und zu den Fragen
zu Pack 1 weiss ich nicht sollte es installiert sein ?
zu den Werbeseiten alles mögliche verschiedenes auch erotische
zu IE und Chrome ja bei beiden
hoffe habe alles richtig gemacht Danke

Alt 30.12.2012, 17:26   #7
M-K-D-B
/// TB-Ausbilder
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



Servus,



wirst du jetzt immer noch auf Werbeseiten in CHR und IE umgeleitet?




Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 02.01.2013, 16:59   #8
M-K-D-B
/// TB-Ausbilder
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 22.01.2013, 22:33   #9
yasmin79
 
bei Klick in Google kommen Werbeseiten - Standard

bei Klick in Google kommen Werbeseiten



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 1/12/2013 10:34:55 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\özlem\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 54.67% Memory free
7.60 Gb Paging File | 5.59 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 546.25 Gb Total Space | 476.24 Gb Free Space | 87.18% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 24.92 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe ()
PRC - C:\Program Files (x86)\Avea Jet Mobil Modem\AssistantServices.exe ()
PRC - C:\Program Files (x86)\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\KSS-fragFINN\AutoUpdaterService.exe (Cybits AG)
PRC - C:\Program Files (x86)\KSS-fragFINN\cy-Software.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe ()
MOD - C:\Program Files (x86)\KSS-fragFINN\cy-Software.exe ()
MOD - C:\Program Files (x86)\KSS-fragFINN\cy_Software.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Avea Jet Mobil Modem\AssistantServices.exe ()
SRV - ([verify-U]-Updater) -- C:\Program Files (x86)\KSS-fragFINN\AutoUpdaterService.exe (Cybits AG)
SRV - ([verify-U]) -- C:\Program Files (x86)\KSS-fragFINN\cy-Service.exe (Cybit AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ([verify-U]_System) -- C:\Windows\SysWOW64\drivers\cy-driver.sys (Cybits AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0E982592-7741-4522-B3C7-CCB87237D1FB}
IE - HKCU\..\SearchScopes\{0E982592-7741-4522-B3C7-CCB87237D1FB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\..\SearchScopes\{317051D6-6951-4D0E-A0D8-6CBAAE5A7259}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/01 02:28:38 | 000,000,000 | ---D | M]
 
[2012/10/25 14:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - Extension: Skype Click to Call = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\özlem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\özlem\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {40C6A941-24A0-4CAD-98D2-018E9584BEDC} hxxp://download.talkyroom.com/talkyldr.cab (TalkyRoom)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B215AABE-DE07-45A6-9ECB-EAC004B70B27}: DhcpNameServer = 212.65.128.2 212.65.129.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BEC6CA-6CB9-41F2-814D-28C04FDB7390}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/10 23:46:42 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/10 23:46:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/10 23:46:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/10 23:46:20 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/10 23:46:20 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/10 23:46:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/10 23:46:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/10 23:46:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/10 23:46:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/10 23:46:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/10 23:46:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/10 23:46:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/10 23:46:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/10 23:46:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/10 23:46:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/10 23:46:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/10 23:46:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/10 23:46:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/10 23:46:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/10 23:46:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/10 23:46:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/10 23:46:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/10 23:46:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/10 23:46:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/10 23:46:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/10 23:46:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/10 23:46:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/10 23:46:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/10 23:46:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/10 23:46:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/10 23:46:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/10 23:46:04 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/10 23:46:04 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/10 23:46:04 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/10 23:46:04 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/10 23:46:04 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/10 23:46:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/10 23:46:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/10 23:46:04 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/10 23:46:04 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/10 23:46:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/10 23:46:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/10 23:46:04 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/10 23:46:04 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/10 23:46:04 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/10 23:46:04 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/10 23:46:04 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/10 23:46:04 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/10 23:46:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/10 23:46:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/10 23:46:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/10 23:46:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/10 23:46:04 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/10 23:46:04 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/10 23:46:03 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/10 23:46:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/10 23:46:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/10 23:46:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/10 23:46:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/10 23:46:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/10 23:46:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/10 23:46:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/10 23:46:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/10 23:45:54 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/08 13:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/01/08 13:29:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/01/08 13:29:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2013/01/08 13:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2013/01/08 13:29:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2013/01/08 13:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/01/08 13:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/01/08 13:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/01 02:28:06 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Roaming\DivX
[2013/01/01 02:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013/01/01 02:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/01/01 02:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013/01/01 02:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013/01/01 02:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/12/30 16:55:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/30 16:28:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/30 16:16:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/30 16:16:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/30 16:16:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/30 16:16:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/30 16:16:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/30 16:02:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/30 16:02:22 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/30 15:55:53 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{646B33CA-3071-41EB-80C2-4F1E63DFD84D}
[2012/12/29 15:16:22 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Roaming\Malwarebytes
[2012/12/29 15:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/29 15:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/29 15:16:13 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/29 15:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/29 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\Programs
[2012/12/29 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{917C13C5-7166-4674-A951-951D4A595036}
[2012/12/27 21:04:35 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{9832F7EA-3420-49D9-9E4F-38B6F8868D72}
[2012/12/21 12:35:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 12:35:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 12:35:26 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 12:35:26 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/20 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{86746C54-8E65-4830-869C-61336F09DBC5}
[2012/12/20 08:49:55 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{0425E1F3-3BC6-472C-A767-472D247EB3CD}
[2012/12/19 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{BDBB63AB-84E9-4231-912B-6E7B199DF3A5}
[2012/12/18 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{A5CCA7BD-A616-48D5-B437-9B80C64427F7}
[2012/12/17 21:41:20 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{55F04605-761B-425C-B0AF-9593B532BEFA}
[2012/12/17 00:03:30 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{B4CD184A-5F79-4E33-BA7A-1F5C81A81D66}
[2012/12/16 14:42:04 | 000,000,000 | ---D | C] -- C:\Users\özlem\Desktop\arda sunshine
[2012/12/16 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\özlem\Desktop\alican sunshine
[2012/12/16 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{A26EFFA1-E0DB-4D3C-B9F9-A8268FF1FBD5}
[2012/12/14 12:56:53 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{4A565EC5-AE0D-4951-892D-8F0E218D8172}
[2012/12/13 23:16:26 | 000,000,000 | ---D | C] -- C:\Users\özlem\AppData\Local\{A9D09B50-1AFC-4180-8A2C-CE250CFD73D8}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/12 22:33:49 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 22:33:49 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 22:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/12 22:25:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/12 22:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/12 22:24:15 | 3061,911,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/12 16:08:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/11 16:40:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-778098445-3130377673-3491379081-1005UA.job
[2013/01/11 16:22:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/11 16:22:33 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/01/11 16:22:33 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/11 16:22:33 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/01/11 16:22:33 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/11 16:15:04 | 000,289,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/11 01:30:34 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/11 01:30:34 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/10 23:31:59 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for özlem.job
[2013/01/08 13:39:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-778098445-3130377673-3491379081-1005Core.job
[2013/01/08 13:29:46 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/12/29 16:51:17 | 000,000,020 | ---- | M] () -- C:\Users\özlem\defogger_reenable
[2012/12/29 15:16:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/16 17:52:02 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:40:45 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/14 00:09:35 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/08 13:29:48 | 000,000,448 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for özlem.job
[2013/01/08 13:29:46 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013/01/08 13:29:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012/12/30 16:16:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/30 16:16:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/30 16:16:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/30 16:16:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/30 16:16:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/29 16:51:16 | 000,000,020 | ---- | C] () -- C:\Users\özlem\defogger_reenable
[2012/12/29 15:16:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/28 17:56:04 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/14 17:02:01 | 000,000,044 | ---- | C] () -- C:\Users\özlem\.edu.xtec.properties
[2011/04/06 22:52:21 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/12 13:10:28 | 000,000,680 | RHS- | C] () -- C:\Users\özlem\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Antwort

Themen zu bei Klick in Google kommen Werbeseiten
administrator, anti-malware, appdata, autostart, browser, dateien, explorer, files, gelöscht, google, helper, install.exe, klick, malwarebytes, microsoft, quarantäne, report, services, software, speicher, test, this, uninstall.exe, version, werbeseite



Ähnliche Themen: bei Klick in Google kommen Werbeseiten


  1. Bei fast jedem Klick öffnen sich Werbeseiten
    Plagegeister aller Art und deren Bekämpfung - 06.08.2015 (16)
  2. Windows 8 64Bit Google Treffer leiten nach Klick auf Erotik Werbeseiten um
    Plagegeister aller Art und deren Bekämpfung - 15.02.2015 (11)
  3. Umleitung nach Klick auf Link in Google Suche
    Log-Analyse und Auswertung - 29.01.2015 (28)
  4. Browser öffnen bei Klick auf Google Suchergebnis Werbung
    Plagegeister aller Art und deren Bekämpfung - 19.03.2013 (13)
  5. Google Umleitung bei Klick auf Suchergebnisse
    Log-Analyse und Auswertung - 27.12.2012 (8)
  6. Umleitung bei klick auf Links in Google
    Log-Analyse und Auswertung - 07.12.2012 (4)
  7. (2x) Umleitung bei Klick auf Google-Suchergebnis
    Mülltonne - 29.11.2012 (1)
  8. Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis
    Log-Analyse und Auswertung - 26.11.2012 (15)
  9. Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um
    Log-Analyse und Auswertung - 05.11.2012 (9)
  10. Bei JEDEM Versuch auf myspace zu kommen, öffnet sich stattdessen google....
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (6)
  11. Google schaltet bei Link klick auf Werbeseiten um
    Log-Analyse und Auswertung - 07.02.2012 (8)
  12. Klick auf Google-Treffer führt zu falscher URL
    Plagegeister aller Art und deren Bekämpfung - 24.11.2011 (34)
  13. Mozilla etc I-net Browser öffnet Werbung nach Google - klick
    Log-Analyse und Auswertung - 05.06.2011 (17)
  14. Bei google Suche kommen immer ebay Links
    Log-Analyse und Auswertung - 28.04.2009 (1)
  15. Hilfe! Statt Google-Links kommen Werbeseiten
    Mülltonne - 12.10.2008 (0)
  16. Statt Google-Links kommen Werbeseiten
    Log-Analyse und Auswertung - 12.10.2008 (0)
  17. Nach klick auf Google Suche öffnet sich adultfinder.c0m etc.
    Log-Analyse und Auswertung - 09.11.2005 (1)

Zum Thema bei Klick in Google kommen Werbeseiten - Hallo ich bitte euch um Hilfe, jedesmal bei klick in Google kommen irgenwelche Werbeseiten. Malewarebytes habe ich durchgeführt, report füge ich bei. Danke Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: - bei Klick in Google kommen Werbeseiten...
Archiv
Du betrachtest: bei Klick in Google kommen Werbeseiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.