PC locked! The computer has been blocked for violating the laws of the Federal Republic of Germany

Hello everyone,
I have just caught this trojan. Too bad :(.
I urgently need help and don't know much about how to fix it.
I'm in safe mode and really don't know what to do next.
Please help...

OTL logfile:
OTL logfile created on: 12.08.2012 15:05:57 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Zorluokat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,96 Gb Total Physical Memory | 5,10 Gb Available Physical Memory | 85,57% Memory free
11,92 Gb Paging File | 11,18 Gb Available in Paging File | 93,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,82 Gb Total Space | 820,30 Gb Free Space | 89,18% Space Free | Partition Type: NTFS
Drive D: | 11,59 Gb Total Space | 1,65 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
Drive K: | 48,83 Gb Total Space | 27,80 Gb Free Space | 56,94% Space Free | Partition Type: NTFS
Drive L: | 184,05 Gb Total Space | 94,37 Gb Free Space | 51,27% Space Free | Partition Type: NTFS
Computer Name: ZORLUOKAT-PC | User Name: Zorluokat | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2012.08.03 18:17:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.08.23 02:26:38 | 000,141,848 | ---- | M] (Senstic) [Auto | Stopped] -- C:\Program Files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe -- (SensticPocketService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.21 02:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.01.06 20:49:54 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.05 23:50:56 | 000,031,560 | ---- | M] (Senstic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camsource64.sys -- (avshws)
DRV:64bit: - [2010.06.03 17:07:18 | 000,015,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
DRV:64bit: - [2010.03.02 23:57:06 | 000,037,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\senaudio64.sys -- (PocketAudio)
DRV:64bit: - [2009.10.02 14:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 02:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.06.23 13:46:10 | 000,308,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav303.sys -- (vvftav303)
DRV:64bit: - [2007.03.25 12:26:26 | 001,494,656 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM303.sys -- (ZSMC0303)
DRV - [2009.09.17 07:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKCU\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O1 HOSTS File: ([2011.03.30 20:14:56 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Programme\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [VMSnap3] C:\Windows\vmsnap3.exe (Vimicro)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9C0FFB-46A1-43D0-B5DE-40102E2E5A35}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.11 13:00:16 | 000,000,000 | ---D | M] - L:\auto Touran -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.12 14:57:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 13:02:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto
[2012.08.12 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D5F7CD32-0B06-4520-9303-AAEB64324CD8}
[2012.08.12 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{52324117-765C-44D7-89A2-2003D3D64421}
[2012.08.11 10:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0BE896B3-9371-46CC-BACE-DF1F5A806F5C}
[2012.08.11 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4EDD5E7D-2E56-4871-8A8A-63AE2AF0E09A}
[2012.08.10 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BC5E4259-C07E-4E9B-A4ED-490962BCBF23}
[2012.08.10 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F67FEE5-4FB5-42B4-BF7C-3347FACFF959}
[2012.08.09 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7C7384C9-2DAF-4589-86F0-BFEB8A7129AE}
[2012.08.09 10:03:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CA3109EA-283A-4E0F-97DD-53305696381A}
[2012.08.08 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{04B1A48F-B026-4DE3-B273-C6B2BFF05603}
[2012.08.08 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BE24A8FF-9E07-4024-AD4D-A121E6CFB57C}
[2012.08.07 22:58:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{B21967D5-3668-4002-B4C1-FAB88BCDA845}
[2012.08.07 22:57:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EB1581F2-F014-419D-9C90-90737E46EDED}
[2012.08.07 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC3C5F2B-8FFF-4575-A82F-6FDCE7E2075B}
[2012.08.07 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{51129F57-A005-41F7-813E-40D9F4C98473}
[2012.08.05 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.08.05 17:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.08.05 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\türkei bilder 2012
[2012.08.05 13:29:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{A209EEE8-FBAA-4332-8506-964ECE41B1DA}
[2012.08.05 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F2FDE3A-9C05-4DDE-86BD-997E7AD7CDAD}
[2012.08.04 10:38:19 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{63C63464-322E-4F3D-B671-C4FF7F6ABF66}
[2012.08.04 10:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C9922DA6-3E68-444C-84B2-0A97E432A35D}
[2012.08.03 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BB16E1D4-0466-4B79-AF95-AE55C0B42286}
[2012.08.03 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{1C960E88-8F8E-40D2-BBB0-5FD79BD16221}
[2012.08.01 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{72780667-68F8-443B-BC05-0E16946D8FBF}
[2012.08.01 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0A82955C-4F0E-40C8-AF88-905177EEE545}
[2012.07.31 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F75A2985-1F6B-4C52-A87C-4F213A23FADE}
[2012.07.31 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{2133892B-43DA-406E-A607-30EC9536661C}
[2012.07.31 21:59:46 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{AA6CF83A-1DC4-496E-9189-C207368ED0A5}
[2012.07.31 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC51B752-85FE-4B6E-BB98-7B6F502B6C56}
[2012.07.30 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8D6CC450-B661-4C9F-947E-A63F3190BE53}
[2012.07.30 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94126CC9-1D2D-4DD3-88B1-8875A88A6C04}
[2012.07.29 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94CA4A87-97EA-43F3-BDAC-A07827F98A5A}
[2012.07.29 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{469ED139-A96D-40AF-BFB3-462F1FA1F69F}
[2012.07.28 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5313F3C4-634E-419F-AB87-56114A975E8A}
[2012.07.28 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D51F00FE-2787-47DF-B378-B39E3676A035}
[2012.07.27 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{372B661A-B8FB-401E-9721-1BCC9B54C160}
[2012.07.27 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5A802D33-71A8-47D0-9A13-2DCAF63F5662}
[2012.07.26 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EC9DA2A4-B7DF-4108-986E-9A33F6ADFA4F}
[2012.07.26 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F13F675-C4CD-4AC0-8D12-F8ACA16A372B}
[2012.07.25 07:53:54 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{260A54FD-1DFA-47B5-A080-6B8AD51BF8B4}
[2012.07.25 07:53:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{22DBC9C4-7EB3-4675-A5D1-3906E06B8FFC}
[2012.07.23 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{78D3A68E-2976-49AA-BE42-80336E4C6E1A}
[2012.07.23 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{502A2B5E-9D54-44EB-8C67-DAD812A8D202}
[2012.07.22 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C615687C-1F9E-418C-B129-A9A1CBAAD4A0}
[2012.07.22 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{084A1B7E-04BA-4625-8953-5348BA6153F8}
[2012.07.21 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{61C77AC9-5B41-4433-972E-8E1C2DAFD682}
[2012.07.21 20:53:24 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7D3D9F87-410E-4A63-B1E4-F8027461E128}
[2012.07.21 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{323BB2A1-1BFA-40A1-85CE-5581202B77AF}
[2012.07.21 08:52:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F1FF85A-85B5-43C6-BEE3-833FEE26C213}
[2012.07.18 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7523CCEE-1C8E-4BE0-BBE3-A431CD886D4F}
[2012.07.18 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{083C6E36-C8F1-4192-92BF-A4DE405EA38E}
[2012.07.17 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner (2)
[2012.07.17 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner
[2012.07.17 20:56:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0B848230-F4DC-4CE4-9536-4ACBC63E2C6A}
[2012.07.17 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{DC8A1F1C-3E6B-48E9-A569-A57AD89CC5B7}
[2012.07.16 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4BFC04CC-20F5-43D7-BC47-2F3B9ED613CB}
[2012.07.16 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{20B6A69A-6614-4C6C-9DE1-B9D318A9572F}
[2012.07.16 11:18:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F00AB6A4-65B8-41B9-8064-4C3E5516E7CE}
[2012.07.16 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8C222B6D-B973-4361-9C2E-A44B715134E7}
[2012.07.16 00:36:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.16 00:36:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.16 00:36:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.16 00:36:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.16 00:36:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.16 00:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.16 00:36:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.16 00:36:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.16 00:36:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.16 00:36:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.16 00:36:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.16 00:36:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.16 00:36:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.15 15:27:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.07.15 15:27:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.07.15 15:27:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.07.15 15:27:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.15 15:27:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.07.15 15:27:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.07.15 15:26:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.07.15 15:26:53 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.07.15 15:26:25 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.15 15:26:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.15 15:25:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.15 15:25:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.15 15:09:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.15 15:09:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.07.15 15:09:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.07.15 15:09:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.07.15 15:09:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.07.15 15:09:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.07.15 15:08:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.07.15 15:08:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.07.15 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{47EA696F-8DCE-4D90-A670-920A9D8A817D}
[2012.07.15 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{354652EF-97C0-4F34-83A2-CF8E84A217E4}
========== Files - Modified Within 30 Days ==========
[2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 14:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 14:51:50 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 13:29:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 13:29:52 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 13:29:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 13:29:52 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 13:29:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 13:04:12 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 15:43:23 | 000,274,395 | ---- | M] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.08.03 18:17:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 18:17:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 11:16:56 | 005,003,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.08.12 13:04:12 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.08.05 15:43:23 | 000,274,395 | ---- | C] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.04.26 15:51:55 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.04.26 15:51:15 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.04.26 15:47:01 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI
[2012.02.22 00:20:14 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.02.24 18:00:36 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.01.18 19:27:58 | 000,001,456 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.01.01 20:24:17 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.16 20:09:39 | 000,005,120 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.13 01:05:13 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.10.05 22:39:40 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.28 19:25:11 | 000,000,118 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\wklnhst.dat
[2010.09.27 16:40:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.23 17:37:02 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.09.23 17:37:02 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
< End of report >
OTL Logfile: Code:
OTL logfile created on: 12.08.2012 15:27:09 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Zorluokat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,96 Gb Total Physical Memory | 4,98 Gb Available Physical Memory | 83,54% Memory free
11,92 Gb Paging File | 11,09 Gb Available in Paging File | 93,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,82 Gb Total Space | 820,30 Gb Free Space | 89,18% Space Free | Partition Type: NTFS
Drive D: | 11,59 Gb Total Space | 1,65 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
Computer Name: ZORLUOKAT-PC | User Name: Zorluokat | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Zorluokat\Desktop\OTL.exe (OldTimer Tools)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (SensticPocketService) -- C:\Program Files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe (Senstic)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avshws) -- C:\Windows\SysNative\drivers\camsource64.sys (Senstic)
DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (PocketAudio) -- C:\Windows\SysNative\drivers\senaudio64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (vvftav303) -- C:\Windows\SysNative\drivers\vvftav303.sys (Vimicro Corporation)
DRV:64bit: - (ZSMC0303) -- C:\Windows\SysNative\drivers\usbVM303.sys (Vimicro Corporation)
DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O1 HOSTS File: ([2011.03.30 20:14:56 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Programme\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [VMSnap3] C:\Windows\vmsnap3.exe (Vimicro)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9C0FFB-46A1-43D0-B5DE-40102E2E5A35}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.12 14:57:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 13:02:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto
[2012.08.12 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D5F7CD32-0B06-4520-9303-AAEB64324CD8}
[2012.08.12 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{52324117-765C-44D7-89A2-2003D3D64421}
[2012.08.11 10:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0BE896B3-9371-46CC-BACE-DF1F5A806F5C}
[2012.08.11 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4EDD5E7D-2E56-4871-8A8A-63AE2AF0E09A}
[2012.08.10 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BC5E4259-C07E-4E9B-A4ED-490962BCBF23}
[2012.08.10 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F67FEE5-4FB5-42B4-BF7C-3347FACFF959}
[2012.08.09 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7C7384C9-2DAF-4589-86F0-BFEB8A7129AE}
[2012.08.09 10:03:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CA3109EA-283A-4E0F-97DD-53305696381A}
[2012.08.08 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{04B1A48F-B026-4DE3-B273-C6B2BFF05603}
[2012.08.08 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BE24A8FF-9E07-4024-AD4D-A121E6CFB57C}
[2012.08.07 22:58:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{B21967D5-3668-4002-B4C1-FAB88BCDA845}
[2012.08.07 22:57:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EB1581F2-F014-419D-9C90-90737E46EDED}
[2012.08.07 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC3C5F2B-8FFF-4575-A82F-6FDCE7E2075B}
[2012.08.07 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{51129F57-A005-41F7-813E-40D9F4C98473}
[2012.08.05 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.08.05 17:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.08.05 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\türkei bilder 2012
[2012.08.05 13:29:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{A209EEE8-FBAA-4332-8506-964ECE41B1DA}
[2012.08.05 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F2FDE3A-9C05-4DDE-86BD-997E7AD7CDAD}
[2012.08.04 10:38:19 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{63C63464-322E-4F3D-B671-C4FF7F6ABF66}
[2012.08.04 10:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C9922DA6-3E68-444C-84B2-0A97E432A35D}
[2012.08.03 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BB16E1D4-0466-4B79-AF95-AE55C0B42286}
[2012.08.03 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{1C960E88-8F8E-40D2-BBB0-5FD79BD16221}
[2012.08.01 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{72780667-68F8-443B-BC05-0E16946D8FBF}
[2012.08.01 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0A82955C-4F0E-40C8-AF88-905177EEE545}
[2012.07.31 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F75A2985-1F6B-4C52-A87C-4F213A23FADE}
[2012.07.31 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{2133892B-43DA-406E-A607-30EC9536661C}
[2012.07.31 21:59:46 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{AA6CF83A-1DC4-496E-9189-C207368ED0A5}
[2012.07.31 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC51B752-85FE-4B6E-BB98-7B6F502B6C56}
[2012.07.30 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8D6CC450-B661-4C9F-947E-A63F3190BE53}
[2012.07.30 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94126CC9-1D2D-4DD3-88B1-8875A88A6C04}
[2012.07.29 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94CA4A87-97EA-43F3-BDAC-A07827F98A5A}
[2012.07.29 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{469ED139-A96D-40AF-BFB3-462F1FA1F69F}
[2012.07.28 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5313F3C4-634E-419F-AB87-56114A975E8A}
[2012.07.28 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D51F00FE-2787-47DF-B378-B39E3676A035}
[2012.07.27 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{372B661A-B8FB-401E-9721-1BCC9B54C160}
[2012.07.27 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5A802D33-71A8-47D0-9A13-2DCAF63F5662}
[2012.07.26 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EC9DA2A4-B7DF-4108-986E-9A33F6ADFA4F}
[2012.07.26 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F13F675-C4CD-4AC0-8D12-F8ACA16A372B}
[2012.07.25 07:53:54 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{260A54FD-1DFA-47B5-A080-6B8AD51BF8B4}
[2012.07.25 07:53:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{22DBC9C4-7EB3-4675-A5D1-3906E06B8FFC}
[2012.07.23 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{78D3A68E-2976-49AA-BE42-80336E4C6E1A}
[2012.07.23 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{502A2B5E-9D54-44EB-8C67-DAD812A8D202}
[2012.07.22 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C615687C-1F9E-418C-B129-A9A1CBAAD4A0}
[2012.07.22 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{084A1B7E-04BA-4625-8953-5348BA6153F8}
[2012.07.21 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{61C77AC9-5B41-4433-972E-8E1C2DAFD682}
[2012.07.21 20:53:24 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7D3D9F87-410E-4A63-B1E4-F8027461E128}
[2012.07.21 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{323BB2A1-1BFA-40A1-85CE-5581202B77AF}
[2012.07.21 08:52:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F1FF85A-85B5-43C6-BEE3-833FEE26C213}
[2012.07.18 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7523CCEE-1C8E-4BE0-BBE3-A431CD886D4F}
[2012.07.18 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{083C6E36-C8F1-4192-92BF-A4DE405EA38E}
[2012.07.17 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner (2)
[2012.07.17 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner
[2012.07.17 20:56:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0B848230-F4DC-4CE4-9536-4ACBC63E2C6A}
[2012.07.17 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{DC8A1F1C-3E6B-48E9-A569-A57AD89CC5B7}
[2012.07.16 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4BFC04CC-20F5-43D7-BC47-2F3B9ED613CB}
[2012.07.16 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{20B6A69A-6614-4C6C-9DE1-B9D318A9572F}
[2012.07.16 11:18:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F00AB6A4-65B8-41B9-8064-4C3E5516E7CE}
[2012.07.16 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8C222B6D-B973-4361-9C2E-A44B715134E7}
[2012.07.16 00:36:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.16 00:36:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.16 00:36:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.16 00:36:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.16 00:36:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.16 00:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.16 00:36:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.16 00:36:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.16 00:36:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.16 00:36:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.16 00:36:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.16 00:36:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.16 00:36:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.15 15:27:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.07.15 15:27:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.07.15 15:27:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.07.15 15:27:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.15 15:27:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.07.15 15:27:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.07.15 15:26:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.07.15 15:26:53 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.07.15 15:26:25 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.15 15:26:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.15 15:25:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.15 15:25:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.15 15:09:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.15 15:09:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.07.15 15:09:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.07.15 15:09:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.07.15 15:09:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.07.15 15:09:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.07.15 15:08:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.07.15 15:08:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.07.15 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{47EA696F-8DCE-4D90-A670-920A9D8A817D}
[2012.07.15 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{354652EF-97C0-4F34-83A2-CF8E84A217E4}
========== Files - Modified Within 30 Days ==========
[2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 14:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 14:51:50 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 13:29:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 13:29:52 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 13:29:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 13:29:52 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 13:29:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 13:04:12 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 15:43:23 | 000,274,395 | ---- | M] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.08.03 18:17:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 18:17:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 11:16:56 | 005,003,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.08.12 13:04:12 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.08.05 15:43:23 | 000,274,395 | ---- | C] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.04.26 15:51:55 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.04.26 15:51:15 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.04.26 15:47:01 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI
[2012.02.22 00:20:14 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.02.24 18:00:36 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.01.18 19:27:58 | 000,001,456 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.01.01 20:24:17 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.16 20:09:39 | 000,005,120 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.13 01:05:13 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.10.05 22:39:40 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.28 19:25:11 | 000,000,118 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\wklnhst.dat
[2010.09.27 16:40:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.23 17:37:02 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.09.23 17:37:02 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
========== LOP Check ==========
[2012.01.18 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Air Cam Live Video - PC Control
[2011.01.08 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.21 00:43:01 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\DVDVideoSoft
[2011.11.04 19:45:54 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.12 12:51:09 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto
[2012.03.16 01:59:16 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\redsn0w
[2011.01.08 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.09.28 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Template
[2010.11.07 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Tific
[2010.09.15 23:11:39 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\WildTangent
[2010.09.15 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\WinBatch
[2010.12.16 00:07:24 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Windows Live Writer
[2012.05.31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.08.09 10:47:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
malware-log
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.12.04
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Zorluokat :: ZORLUOKAT-PC [Administrator]
Schutz: Deaktiviert
12.08.2012 15:40:08
mbam-log-2012-08-12 (15-40-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424385
Laufzeit: 38 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
# AdwCleaner v1.800 - Logfile created 08/12/2012 at 16:50:37
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Zorluokat - ZORLUOKAT-PC
# Running from : C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DLY8HJ6Z\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Zorluokat\AppData\Local\Conduit
Folder Found : C:\Users\Zorluokat\AppData\Local\OpenCandy
Folder Found : C:\Users\Zorluokat\AppData\LocalLow\Conduit
Folder Found : C:\Users\Zorluokat\AppData\LocalLow\WiseConvert
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\WiseConvert
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
Key Found : HKLM\SOFTWARE\WiseConvert
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Softonic
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C679A0BD-77B7-478D-B572-5A7ADBB92855}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29549967-39BA-414A-83B3-8BD91CCD4165}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716
*************************
AdwCleaner[R1].txt - [3017 octets] - [12/08/2012 16:50:37]
########## EOF - C:\AdwCleaner[R1].txt - [3145 octets] ##########