Trojaner-Board

Zickchen 05.08.2010 14:22

How do I remove TrojanDownloader:win32/Renos.MG?

Hello,

first of all, I'm new here and really hope that someone here can help me.

I don't know all that much about computers, so please excuse that I need everything explained in detail :-)

For 2 days I have had TrojanDownloader:win32/Renos.MQ on my computer, and about every hour Avira or WinDefender reports it.
Every time I click Remove; at first I thought that took care of it.

After some research I found out that this trojan is apparently not so harmless.

Now my question: what can I do?

Larusso 05.08.2010 14:38

Hello,

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Please download Load.exe

The tool needs an active Internet connection, but no open browser.
If your firewall complains, please allow the application.
  • Save the file to the desktop.
  • Double-click load.exe
  • Leave the checkboxes as they are.
  • Now close all open programs.
  • Click Download
  • Please do not click in the window during the download.
  • Follow the instructions on the screen.
  • When the Status window pops up, click Start.

After the restart you will find a folder MFTools on the desktop. It contains an Anleitung.pdf.
Please open it and work through the steps described in it.

Zickchen 05.08.2010 15:54

With gmer my system crashed 3 times, so I could not finish the scan.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4392

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

05.08.2010 16:10:31
mbam-log-2010-08-05 (16-10-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129702
Laufzeit: 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.




OTL Logfile:
Code:

OTL logfile created on: 05.08.2010 16:42:49 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 70,98 Gb Free Space | 30,07% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
PRC - [2010.05.07 16:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.04.20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.12.08 14:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.07.24 05:20:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.28 08:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 08:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.21 09:53:06 | 007,420,448 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.10 09:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 10:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.19 06:18:10 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
MOD - [2008.08.28 05:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008.05.27 07:18:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2008.01.21 04:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.01.21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 04:25:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008.01.21 04:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.09 21:57:21 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007.02.10 06:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007.02.10 06:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.02.25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.12.11 01:40:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 16:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 11:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.21 09:37:38 | 002,361,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.08.28 04:52:52 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.07.12 12:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
 
[2009.12.12 21:57:10 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Extensions
[2010.08.04 16:56:50 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions
[2010.07.15 14:12:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.12 21:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.01.17 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\firefox@tvunetworks.com
[2010.07.15 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxfilter@inspiredeffect.net
[2010.07.15 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxyproxy@eric.h.jung
[2010.02.16 19:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [JRMX9X1GML] C:\Users\Derya\AppData\Local\Temp\Ex0.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\AutoRun\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\menu1\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.05 16:39:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.05 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.05 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.05 15:53:54 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\Malwarebytes
[2010.08.05 15:53:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.05 15:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.05 15:53:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.05 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.05 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Derya\Desktop\MFTools
[2010.08.03 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010.08.03 21:23:13 | 000,000,000 | -HSD | C] -- C:\Users\Derya\AppData\Roaming\.#
[2010.07.21 22:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2010.06.20 14:25:53 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS
[2010.06.20 14:25:30 | 000,000,000 | ---D | C] -- C:\Netgear
[2010.06.04 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\Hagemann DEW
[2010.05.30 15:02:51 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Local\Sony Ericsson
[2010.05.30 15:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010.05.30 14:55:21 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.30 14:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010.05.29 19:30:54 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.05.29 19:30:54 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.05.29 19:30:54 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010.05.29 19:30:54 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.05.29 19:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner
[2010.05.18 10:56:02 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll
[2010.05.18 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010.05.09 21:57:21 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.09 21:57:21 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.05.09 21:57:21 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.09 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.05.09 21:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010.05.09 21:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.05.09 21:55:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.05.08 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.05 16:42:46 | 001,835,008 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT
[2010.08.05 16:42:07 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
[2010.08.05 16:39:41 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 16:39:41 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 16:39:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 16:39:24 | 253,544,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:39:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 16:38:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 16:38:53 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 16:10:57 | 000,524,288 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.05 16:10:57 | 000,065,536 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.05 16:10:56 | 002,064,013 | -H-- | M] () -- C:\Users\Derya\AppData\Local\IconCache.db
[2010.08.05 16:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.05 16:01:51 | 000,000,733 | ---- | M] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | M] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:53:15 | 000,284,915 | ---- | M] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 21:07:54 | 000,097,280 | ---- | M] () -- C:\Users\Derya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 20:46:05 | 000,386,621 | ---- | M] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.08.04 15:23:04 | 001,592,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.04 15:23:04 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.04 15:23:04 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.04 15:23:04 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.04 15:23:04 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.04 14:01:41 | 000,309,640 | ---- | M] () -- C:\Users\Derya\Desktop\Bewerbung aktuell.pdf
[2010.08.04 13:23:57 | 000,019,456 | ---- | M] () -- C:\Users\Derya\Documents\ausgabenbeni.xls
[2010.07.30 20:02:08 | 000,112,681 | ---- | M] () -- C:\Users\Derya\Desktop\Austritt Tippgemeinschaft B.Aumüller.jpg
[2010.07.30 19:46:06 | 000,028,672 | ---- | M] () -- C:\Users\Derya\Desktop\Urlaubsantrag.doc
[2010.07.29 14:55:01 | 000,026,624 | ---- | M] () -- C:\Users\Derya\Desktop\LOTTO.doc
[2010.07.21 22:18:03 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2010.07.21 22:18:01 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Die Wiege Olympias 2.lnk
[2010.06.11 09:43:45 | 000,371,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.30 15:08:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.29 19:30:57 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.05.08 22:47:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010.08.05 16:38:57 | 253,544,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:13:10 | 000,293,376 | ---- | C] () -- C:\Users\Derya\Desktop\gmer.exe
[2010.08.05 16:01:51 | 000,000,733 | ---- | C] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | C] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:51:07 | 000,284,915 | ---- | C] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 20:46:05 | 000,386,621 | ---- | C] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.08.04 14:01:35 | 000,309,640 | ---- | C] () -- C:\Users\Derya\Desktop\Bewerbung aktuell.pdf
[2010.07.30 20:02:08 | 000,112,681 | ---- | C] () -- C:\Users\Derya\Desktop\Austritt Tippgemeinschaft B.Aumüller.jpg
[2010.07.30 19:36:30 | 000,028,672 | ---- | C] () -- C:\Users\Derya\Desktop\Urlaubsantrag.doc
[2010.07.21 22:18:03 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2010.07.21 22:18:01 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Die Wiege Olympias 2.lnk
[2010.05.30 15:08:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.29 19:30:57 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.05.18 10:56:02 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.05.08 22:47:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009.12.28 11:50:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.28 11:50:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.09 15:10:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.24 05:19:37 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.07.24 05:19:37 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.07.24 05:17:29 | 000,004,280 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.07.24 05:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 03:35:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.07.24 03:35:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.08.05 08:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.08.03 21:25:14 | 000,000,000 | -HSD | M] -- C:\Users\Derya\AppData\Roaming\.#
[2009.12.20 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\PDF reDirect
[2010.05.09 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.08.05 16:10:58 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.05 16:42:07 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008.02.08 11:31:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.08.05 16:38:53 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 16:38:52 | 3464,368,128 | -HS- | M] () -- C:\pagefile.sys
[2009.07.24 05:16:47 | 000,001,799 | ---- | M] () -- C:\RHDSetup.log
[2009.12.09 18:43:05 | 000,000,169 | ---- | M] () -- C:\setup.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2004.03.22 13:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2007.02.26 09:49:10 | 001,744,896 | ---- | M] (TopThinks, INC.) -- C:\Windows\imagine digital freedom.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-04 04:50:53
< End of report >

--- --- ---

Larusso 05.08.2010 16:27

Do yourself a favor and uninstall TuneUp. So far it has tuned more computers to death than anything else. Your decision.

I am still missing the Extras.txt. Please post it as well.

Step 1
Code:

:OTL
O4 - HKCU..\Run: [JRMX9X1GML] C:\Users\Derya\AppData\Local\Temp\Ex0.exe File not found
:services
:files
dir /s /b C:\Users\Derya\AppData\Roaming\.# /c
:reg
:Commands
[purity]
[emptytemp]
[reboot]

  • Please close all programs now.
  • Now please click the Fix button.
  • Click on http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Step 2
  • Please download TDSS Killer.zip and save it to your desktop.
  • Extract the contents of the file to your desktop.
    Make sure that TDSSKiller.exe is on the desktop. Not in a folder.
    • Close all running programs.
    • Disconnect from the Internet.
    • Disable your antivirus software.
  • Start TDSSkiller.exe with a double-click.
    Vista and Win7 users: right-click and "Run as administrator"
  • Press Start scan.
  • If the message "Hidden service detected" appears, do not type anything in under any circumstances. Just press ENTER!
  • When the tool is finished, a window with the findings pops up.
    Please simply close it.
  • Now click Report.
  • Please post the contents here in your thread.
    (also to be found at C:\TDSSKiller<time_date>.txt)


Step 3

Please start OTL.exe and click the Quick Scan button.


Please post in your next reply
OTL Fix Log
TDSSKiller Log
OTL.txt
Report how the computer is running

Zickchen 05.08.2010 16:29

I just threw TuneUp off. It was only a trial version anyway.
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 05.08.2010 16:42:49 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 70,98 Gb Free Space | 30,07% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system |
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system |
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system |
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22B4D4BC-F397-40C7-9174-D0EA5C3C502D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{654745A0-0069-4F55-9E7C-21427E827FC2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{65A32000-6AA6-4098-9C96-E0BECF98BB91}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6F60A275-9EC3-41A8-A3A8-A93E2274200D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC9462F6-B41E-4DF5-9D89-53412414E8EF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{F5F3BCCF-A29F-4EEA-A1D6-136E32AEAF4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0E0E9C79-F7E4-45B3-B00A-486F255AE8B3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F01651CB-E27F-416C-8D2A-566A61575173}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{02EB20C5-49AD-4E76-A31A-71960A6F70F5}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{85D44772-5EB8-4B35-AD27-6BF7932806B8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Die Wiege Olympias 2" = Die Wiege Olympias 2
"DSGPlayer" = RTL GAME CENTER
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PDF reDirect" = PDF reDirect (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2010 13:44:45 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 573397
 
Error - 01.08.2010 13:44:46 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.08.2010 13:44:46 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 574443
 
Error - 01.08.2010 13:44:46 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 574443
 
Error - 01.08.2010 13:44:47 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.08.2010 13:44:47 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 575519
 
Error - 01.08.2010 13:44:47 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 575519
 
Error - 02.08.2010 02:06:38 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.08.2010 02:06:38 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.08.2010 02:07:23 | Computer Name = Derya-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 05.08.2010 10:01:54 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.08.2010 10:02:39 | Computer Name = Derya-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 05.08.2010 10:11:42 | Computer Name = Derya-PC | Source = HTTP | ID = 15016
Description =
 
Error - 05.08.2010 10:13:06 | Computer Name = Derya-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 05.08.2010 10:13:21 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.08.2010 10:17:06 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 05.08.2010 10:38:57 | Computer Name = Derya-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.08.2010 um 16:37:32 unerwartet heruntergefahren.
 
Error - 05.08.2010 10:39:25 | Computer Name = Derya-PC | Source = HTTP | ID = 15016
Description =
 
Error - 05.08.2010 10:40:39 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.08.2010 10:41:38 | Computer Name = Derya-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >

--- --- ---

Zickchen 05.08.2010 16:34

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JRMX9X1GML deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
< dir /s /b C:\Users\Derya\AppData\Roaming\.# /c >
C:\Users\Derya\Desktop\MFTools\cmd.bat deleted successfully.
C:\Users\Derya\Desktop\MFTools\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Derya
->Temp folder emptied: 249780 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27380655 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155748 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08052010_173132

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Zickchen 05.08.2010 16:38

2010/08/05 17:36:39.0067 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/05 17:36:39.0067 ================================================================================
2010/08/05 17:36:39.0067 SystemInfo:
2010/08/05 17:36:39.0067
2010/08/05 17:36:39.0067 OS Version: 6.0.6001 ServicePack: 1.0
2010/08/05 17:36:39.0067 Product type: Workstation
2010/08/05 17:36:39.0067 ComputerName: DERYA-PC
2010/08/05 17:36:39.0067 UserName: Derya
2010/08/05 17:36:39.0067 Windows directory: C:\Windows
2010/08/05 17:36:39.0067 System windows directory: C:\Windows
2010/08/05 17:36:39.0067 Processor architecture: Intel x86
2010/08/05 17:36:39.0067 Number of processors: 2
2010/08/05 17:36:39.0067 Page size: 0x1000
2010/08/05 17:36:39.0067 Boot type: Normal boot
2010/08/05 17:36:39.0067 ================================================================================
2010/08/05 17:37:00.0018 Initialize success
2010/08/05 17:37:03.0621 ================================================================================
2010/08/05 17:37:03.0621 Scan started
2010/08/05 17:37:03.0621 Mode: Manual;
2010/08/05 17:37:03.0621 ================================================================================
2010/08/05 17:37:21.0359 ================================================================================
2010/08/05 17:37:21.0359 Scan finished
2010/08/05 17:37:21.0359 ================================================================================

Zickchen 05.08.2010 16:40

OTL Logfile:

OTL logfile created on: 05.08.2010 17:38:45 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 71,98 Gb Free Space | 30,49% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
PRC - [2010.08.04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
PRC - [2010.07.25 10:12:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.12.11 01:40:53 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\program files\avira\antivir desktop\avcenter.exe
PRC - [2009.07.24 05:20:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.28 08:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 08:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.21 09:53:06 | 007,420,448 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.10 09:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 10:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.19 06:18:10 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007.02.10 06:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007.02.10 06:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.12.11 01:40:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 16:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 11:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.21 09:37:38 | 002,361,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.08.28 04:52:52 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.07.12 12:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
 
[2009.12.12 21:57:10 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Extensions
[2010.08.05 17:01:38 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions
[2010.07.15 14:12:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.12 21:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.01.17 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\firefox@tvunetworks.com
[2010.07.15 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxfilter@inspiredeffect.net
[2010.07.15 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxyproxy@eric.h.jung
[2010.02.16 19:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\AutoRun\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\menu1\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.05 17:35:48 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
[2010.08.05 17:31:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.05 16:39:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.05 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.05 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.05 15:53:54 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\Malwarebytes
[2010.08.05 15:53:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.05 15:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.05 15:53:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.05 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.05 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Derya\Desktop\MFTools
[2010.08.03 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010.08.03 21:23:13 | 000,000,000 | -HSD | C] -- C:\Users\Derya\AppData\Roaming\.#
[2010.07.21 22:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2010.06.20 14:25:53 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS
[2010.06.20 14:25:30 | 000,000,000 | ---D | C] -- C:\Netgear
[2010.06.04 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\Hagemann DEW
[2010.05.30 15:02:51 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Local\Sony Ericsson
[2010.05.30 15:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010.05.30 14:55:21 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.30 14:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010.05.29 19:30:54 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.05.29 19:30:54 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.05.29 19:30:54 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010.05.29 19:30:54 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.05.29 19:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner
[2010.05.18 10:56:02 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll
[2010.05.18 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010.05.09 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.05.09 21:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.05.09 21:55:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.05.08 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.05 17:39:00 | 001,835,008 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT
[2010.08.05 17:35:27 | 001,130,629 | ---- | M] () -- C:\Users\Derya\Desktop\tdsskiller.zip
[2010.08.05 17:32:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 17:32:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 17:32:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 17:32:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 17:32:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 17:32:17 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 17:31:39 | 000,524,288 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.05 17:31:39 | 000,065,536 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.05 17:07:37 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
[2010.08.05 17:05:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.05 16:39:24 | 253,544,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:10:56 | 002,064,013 | -H-- | M] () -- C:\Users\Derya\AppData\Local\IconCache.db
[2010.08.05 16:01:51 | 000,000,733 | ---- | M] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | M] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:53:15 | 000,284,915 | ---- | M] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 21:07:54 | 000,097,280 | ---- | M] () -- C:\Users\Derya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 20:46:05 | 000,386,621 | ---- | M] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.08.04 15:23:04 | 001,592,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.04 15:23:04 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.04 15:23:04 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.04 15:23:04 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.04 15:23:04 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
[2010.08.04 13:23:57 | 000,019,456 | ---- | M] () -- C:\Users\Derya\Documents\ausgabenbeni.xls
[2010.06.11 09:43:45 | 000,371,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.30 15:08:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.08 22:47:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010.08.05 17:35:23 | 001,130,629 | ---- | C] () -- C:\Users\Derya\Desktop\tdsskiller.zip
[2010.08.05 16:38:57 | 253,544,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:13:10 | 000,293,376 | ---- | C] () -- C:\Users\Derya\Desktop\gmer.exe
[2010.08.05 16:01:51 | 000,000,733 | ---- | C] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | C] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:51:07 | 000,284,915 | ---- | C] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 20:46:05 | 000,386,621 | ---- | C] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.05.30 15:08:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.18 10:56:02 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.05.08 22:47:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009.12.28 11:50:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.28 11:50:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.09 15:10:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.24 05:19:37 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.07.24 05:19:37 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.07.24 05:17:29 | 000,004,280 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.07.24 05:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 03:35:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.07.24 03:35:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.08.05 08:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.08.03 21:25:14 | 000,000,000 | -HSD | M] -- C:\Users\Derya\AppData\Roaming\.#
[2009.12.20 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\PDF reDirect
[2010.05.09 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.08.05 17:31:40 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.05 17:07:37 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Zickchen 05.08.2010 16:41

The computer is running as usual.

Larusso 05.08.2010 16:54

Step 1

ESET Online Scanner
Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the http://img695.imageshack.us/img695/1599/eset1l.jpg button (<< click).

    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.

  • Tick the box next to Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Remove found threats" and "Scan archives".
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.

When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.


Step 3

Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.

Please post its contents here.

Zickchen 05.08.2010 17:34

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9 - Deutsch
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Zickchen 05.08.2010 17:53

The rest is still scanning.

Zickchen 05.08.2010 18:37

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1a1737915c898c498cd082351b587812
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-05 05:21:44
# local_time=2010-08-05 07:21:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 56539517 8631 0
# compatibility_mode=5892 16776573 100 100 197227 118556938 0 0
# compatibility_mode=8192 67108863 100 0 68 68 0 0
# scanned=132086
# found=0
# cleaned=0
# scan_time=4695

Zickchen 05.08.2010 18:37

And now?...........

Larusso 05.08.2010 20:18

Take it easy -.-

Step 1

Update Java

Your Java version is out of date. Because some malware (e.g. Vundo) gets into the system through Java exploits, Java must be updated and old versions must be removed from the system, since the old versions are a security risk. Download JavaRa by prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
  • Close all browser windows.
  • Double-click JavaRa.exe to start the program.
  • Choose the language: pick English and click "Select".
  • Click Additional Task and tick Remove Useless JRE Files and Remove Sun Download Manager.
  • Click Go, click Ok each time, and close the "Additional Tasks" window again.
  • Click Remove Older Versions to remove old Java versions installed on the computer.
  • Click Yes when prompted. When JavaRa is finished, a note appears saying that a log file has been created; click OK.
  • The log file opens in the editor; please save it and post it here later.
  • Check in Control Panel => Programs whether any Java versions are still present and uninstall them.
  • Restart the computer.
Now download Java (Java Runtime Environment (JRE) 6 Update XX) from Oracle and install it. Before downloading you must accept the license terms by selecting "Accept License Agreement". Tick the advanced options and, if applicable, deselect the sponsor program (toolbar or similar).


Step 2

Please start Adobe Reader.
In the Help tab, please click Check for Updates


Step 3

Please download Service Pack 2 and install it


Step 4

Please start OTL.exe.
Under
Extra Registry, select Use Safe List and click the Scan button.


Please post in your next reply
OTL.txt
Extras.txt
Report how the computer is running

Zickchen 05.08.2010 21:01

Java is updated; I can't get Service Pack 2 installed - there is a system error.
It tells me that I should install a preparation tool. I am supposed to look for it via updates.
But it doesn't find it.
I have to go to bed now; I'll carry on first thing tomorrow morning.
Thanks in advance...

Good night..

Larusso 05.08.2010 21:50

Download details: Update for Windows Vista (KB955430)

Zickchen 06.08.2010 10:32

Quote:

Quote from Larusso (post 550826)
Download details: Update for Windows Vista (KB955430)

I downloaded and installed it.
Then I tried to get the preparation tool.
It doesn't find it. Then I tried to install SP2 anyway, and again it only tells me that it is a system error.

I tried to install an available update; it aborted that as well and only spat out a code.

Zickchen 06.08.2010 10:45

Code 80200053 is the error code it shows me when I try to update.

Zickchen 06.08.2010 11:29

OTL Logfile:
Code:

OTL logfile created on: 06.08.2010 12:22:46 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 96,94 Gb Free Space | 41,06% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
PRC - [2010.07.25 10:12:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.07.25 10:12:50 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.10.13 12:26:28 | 000,466,689 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2009.07.24 05:20:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.28 08:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 08:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.21 09:53:06 | 007,420,448 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.10 09:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 10:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.19 06:18:10 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.12.11 01:40:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 16:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 11:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.21 09:37:38 | 002,361,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.08.28 04:52:52 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.07.12 12:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.06 11:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.06 11:21:22 | 000,000,000 | ---D | M]
 
[2009.12.12 21:57:10 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Extensions
[2010.08.06 11:20:17 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions
[2010.07.15 14:12:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.12 21:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.08.06 07:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.17 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\firefox@tvunetworks.com
[2010.07.15 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxyproxy@eric.h.jung
[2010.08.05 21:55:57 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.08.05 21:46:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.05 21:45:59 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Derya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\AutoRun\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\menu1\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.06 11:45:58 | 000,000,000 | ---D | C] -- C:\f7ec9de5434cc48ae049ae30ddb0448c
[2010.08.06 11:36:07 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2010.08.06 07:33:26 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.05 21:58:04 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Local\WindowsUpdate
[2010.08.05 21:50:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.08.05 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.05 21:46:11 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.05 21:46:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.05 21:46:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.05 21:46:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.05 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.08.05 21:32:20 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Derya\Desktop\JavaRa.exe
[2010.08.05 18:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.08.05 17:35:48 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
[2010.08.05 17:31:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.05 16:39:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.05 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.05 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.05 15:53:54 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\Malwarebytes
[2010.08.05 15:53:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.05 15:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.05 15:53:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.05 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.05 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Derya\Desktop\MFTools
[2010.08.03 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010.08.03 21:23:13 | 000,000,000 | -HSD | C] -- C:\Users\Derya\AppData\Roaming\.#
[2010.07.21 22:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.06 12:24:54 | 001,835,008 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT
[2010.08.06 12:24:43 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
[2010.08.06 12:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.06 11:40:26 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010.08.06 11:37:05 | 001,475,800 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.06 11:37:05 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.06 11:37:05 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.06 11:37:05 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.06 11:37:05 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.06 11:06:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.06 11:06:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.06 11:06:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.06 11:06:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.06 11:06:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.06 11:06:22 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.06 07:51:56 | 000,524,288 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.06 07:51:56 | 000,065,536 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.06 07:51:54 | 006,291,456 | -H-- | M] () -- C:\Users\Derya\AppData\Local\IconCache.db
[2010.08.06 07:33:24 | 000,001,032 | ---- | M] () -- C:\Users\Derya\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.06 07:19:25 | 000,000,423 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010.08.05 21:45:58 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.05 21:45:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.05 21:45:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.05 21:45:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.05 21:43:22 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.05 21:31:23 | 000,071,798 | ---- | M] () -- C:\Users\Derya\Desktop\JavaRa.zip
[2010.08.05 18:32:16 | 000,869,051 | ---- | M] () -- C:\Users\Derya\Desktop\SecurityCheck.exe
[2010.08.05 18:00:43 | 002,672,312 | ---- | M] () -- C:\Users\Derya\Desktop\esetsmartinstaller_enu.exe
[2010.08.05 17:35:27 | 001,130,629 | ---- | M] () -- C:\Users\Derya\Desktop\tdsskiller.zip
[2010.08.05 16:39:24 | 253,544,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:01:51 | 000,000,733 | ---- | M] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | M] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:53:15 | 000,284,915 | ---- | M] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 21:07:54 | 000,097,280 | ---- | M] () -- C:\Users\Derya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 20:46:05 | 000,386,621 | ---- | M] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.08.04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
[2010.08.04 13:23:57 | 000,019,456 | ---- | M] () -- C:\Users\Derya\Documents\ausgabenbeni.xls
 
========== Files Created - No Company Name ==========
 
[2010.08.06 07:33:20 | 000,001,032 | ---- | C] () -- C:\Users\Derya\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.05 21:43:22 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.05 21:32:20 | 000,245,103 | ---- | C] () -- C:\Users\Derya\Desktop\JavaRa.def
[2010.08.05 21:31:22 | 000,071,798 | ---- | C] () -- C:\Users\Derya\Desktop\JavaRa.zip
[2010.08.05 18:32:15 | 000,869,051 | ---- | C] () -- C:\Users\Derya\Desktop\SecurityCheck.exe
[2010.08.05 18:00:41 | 002,672,312 | ---- | C] () -- C:\Users\Derya\Desktop\esetsmartinstaller_enu.exe
[2010.08.05 17:35:23 | 001,130,629 | ---- | C] () -- C:\Users\Derya\Desktop\tdsskiller.zip
[2010.08.05 16:38:57 | 253,544,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:13:10 | 000,293,376 | ---- | C] () -- C:\Users\Derya\Desktop\gmer.exe
[2010.08.05 16:01:51 | 000,000,733 | ---- | C] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | C] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:51:07 | 000,284,915 | ---- | C] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 20:46:05 | 000,386,621 | ---- | C] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.05.18 10:56:02 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009.12.28 11:50:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.28 11:50:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.09 15:10:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.24 05:19:37 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.07.24 05:19:37 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.07.24 05:17:29 | 000,004,280 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.07.24 05:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 03:35:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.07.24 03:35:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.08.05 08:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 06.08.2010 12:22:46 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 96,94 Gb Free Space | 41,06% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system |
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system |
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system |
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22B4D4BC-F397-40C7-9174-D0EA5C3C502D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{654745A0-0069-4F55-9E7C-21427E827FC2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{65A32000-6AA6-4098-9C96-E0BECF98BB91}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6F60A275-9EC3-41A8-A3A8-A93E2274200D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC9462F6-B41E-4DF5-9D89-53412414E8EF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{F5F3BCCF-A29F-4EEA-A1D6-136E32AEAF4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0E0E9C79-F7E4-45B3-B00A-486F255AE8B3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F01651CB-E27F-416C-8D2A-566A61575173}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{02EB20C5-49AD-4E76-A31A-71960A6F70F5}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{85D44772-5EB8-4B35-AD27-6BF7932806B8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Die Wiege Olympias 2" = Die Wiege Olympias 2
"DSGPlayer" = RTL GAME CENTER
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PDF reDirect" = PDF reDirect (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.08.2010 10:40:39 | Computer Name = Derya-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.08.2010 11:32:58 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.08.2010 11:32:58 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.08.2010 11:34:04 | Computer Name = Derya-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.08.2010 11:34:15 | Computer Name = Derya-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 05.08.2010 11:34:15 | Computer Name = Derya-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 05.08.2010 15:53:48 | Computer Name = Derya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SynTPEnh.exe, Version 11.1.3.2, Zeitstempel
0x48b6efcc, fehlerhaftes Modul SynTPEnh.exe, Version 11.1.3.2, Zeitstempel 0x48b6efcc,
 Ausnahmecode 0xc0000409, Fehleroffset 0x0002c1ec,  Prozess-ID 0xe34, Anwendungsstartzeit
 01cb34b37ac8d3f5.
 
Error - 06.08.2010 01:05:24 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 06.08.2010 01:05:24 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 06.08.2010 01:06:07 | Computer Name = Derya-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:34:07 | Computer Name = Derya-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 06.08.2010 05:47:27 | Computer Name = Derya-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 7
Description =
 
Error - 06.08.2010 05:47:27 | Computer Name = Derya-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description =
 
 
< End of report >

--- --- ---

Larusso 06.08.2010 11:30

Hi, try installing this. Vista is a bit, well, let's call it "peculiar" in that respect.

http://winfuture.de/downloadvorschalt,2258.html

Zickchen 06.08.2010 11:53

That doesn't work either.

Larusso 06.08.2010 11:59

Hi, please go to the following page and carry out steps 1-3. Then try installing the update again.
Turn off all background monitors while doing so. You need administrator rights.

Genuine Microsoft Software

Zickchen 06.08.2010 12:03

Quote:

Quote from Larusso (post 551010)
Hi, please go to the following page and carry out steps 1-3. Then try installing the update again.
Turn off all background monitors while doing so. You need administrator rights.

Genuine Microsoft Software

Um, my English isn't good enough for me to manage that just like that.
Can you please translate it for me?
Thanks

Zickchen 07.08.2010 11:26

...or do you have another solution?

Larusso 07.08.2010 11:59

Of course I can translate that :)

1. Click the Validate Windows button on the left.

2. Install the Firefox plug-in. (It should only appear if you visit the page with FF.)

3. Just an explanation.

When you click the Validate Windows button, install the plug-in and then click Refresh.
Windows Genuine Advantage Plug-in loaded correctly << when this appears, click Continue

Then click Validate Now.
Then start the downloaded legitcheck.hta. If a message appears, ignore it and click YES.

Then follow the instructions on the screen.
Afterwards, copy the contents of the pop-up in here for me.

Zickchen 07.08.2010 12:59

Validate Windows button, which one is that supposed to be?

Larusso 07.08.2010 13:11

It should be on the left. A blue rectangular thing with Validate Windows written in it in white is called a button.

Zickchen 07.08.2010 13:15

Oh man, sorry, it's all Greek to me.
Is it the one on the screen or the one on the keyboard?

I don't see anything like that here...


By the way, (for whatever reason) my desktop icons have been huge since just now... why is that?

Larusso 07.08.2010 13:30

Show list of attachments (count: 1)
You probably pressed something you shouldn't have.

Have a look at the attached picture.

Right-click on the desktop --> Properties --> Appearance --> EFFECTS
and remove the check mark next to Large icons.

Zickchen 09.08.2010 07:37

Now I've understood it :-)

I installed it and ran it, unfortunately nothing opened...
Where do I get the data from now?

Larusso 09.08.2010 10:47

Started as admin via right-click?

Zickchen 09.08.2010 10:53

Validation Complete!
Thank you for completing the validation process and for using genuine Microsoft software.

By using genuine Microsoft software, you can be confident that you will have access to the latest features, security, and support, which will help to improve your productivity and expand the capabilities of your computer.

You will also have access to new innovations and offerings available only to genuine Microsoft software customers




That's what it says when I run it..

It did install, but where, please?

Larusso 09.08.2010 10:58

SP2 still can't be installed?

Zickchen 12.08.2010 12:13

I still can't install SP2.

Larusso 12.08.2010 21:23

http://www.microsoft.com/downloads/details.aspx?FamilyID=5765d7a8-7722-4888-a970-ac39b33fd8ab&displaylang=de

Install it and then try SP2. After that I'm out of ideas.

Zickchen 18.08.2010 10:53

Doesn't work either :-)

It doesn't matter now anyway.. I don't feel like installing SP2 anymore, I'll throw it off the balcony..

My only problem now is that it runs pretty slowly...

What about the trojan, by the way? Is it gone?
It is no longer being shown.

Larusso 18.08.2010 15:43

My crystal ball is currently being cleaned. What is slow: the startup, the whole system ...

We need details here. It would be roughly the same as if I posted
"Post an OTL log"
to you.

Zickchen 18.08.2010 16:02

:-) :-) sorry

So, everything is slow - the startup, the internet, programs..
It has simply become slower...


All times are WET +1.
