Black Screen & Shut down Issue [Solved]


  • This topic is locked

#1
ntlyke

  • Member
  • 59 posts
Hello, this was my other topic, but Donna told me to come here.

http://www.geekstogo...77#entry2220677

At the moment it just freezes, with no black screen.

In the last post you can find out about my Kernel issue: http://www.geekstogo...ost__p__2221937

Here is my OTL log:

OTL logfile created on: 29.10.2012 15:55:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soner\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 62,45% Memory free
7,49 Gb Paging File | 5,64 Gb Available in Paging File | 75,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 374,04 Gb Free Space | 62,75% Space Free | Partition Type: NTFS

Computer Name: SONER-PC | User Name: Soner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.29 15:54:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soner\Downloads\OTL.exe
PRC - [2012.10.10 11:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010.05.06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.10 11:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
MOD - [2012.10.10 11:06:13 | 012,435,992 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012.10.10 11:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012.10.10 11:04:57 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012.10.10 11:04:55 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012.10.10 11:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012.10.10 11:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012.10.10 11:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.07.04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.07.04 00:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.26 18:57:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.25 12:47:24 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.10.25 12:45:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.10.11 02:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.25 20:11:45 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.05.06 21:41:23 | 000,424,016 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2010.05.06 21:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010.05.06 21:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010.05.06 21:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010.05.06 21:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.05.06 21:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 E0 18 94 B1 B2 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.25 14:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.10.25 14:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soner\AppData\Roaming\mozilla\Extensions
[2012.10.25 14:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soner\AppData\Roaming\mozilla\Firefox\Profiles\ven14gag.default\extensions
[2012.10.25 14:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 08:15:12 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012.10.11 08:15:12 | 000,002,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.10.27 20:43:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A778F1C-805A-4C4E-BF80-E9CBAE7DAE57}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.29 15:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[2012.10.29 15:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geeks3D
[2012.10.27 20:43:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.10.27 20:30:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.27 20:30:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.27 20:30:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.27 20:26:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.27 20:25:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.27 15:36:22 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Macromedia
[2012.10.26 18:57:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.10.25 20:32:20 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\CRE
[2012.10.25 20:23:49 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.10.25 20:19:37 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\ageof
[2012.10.25 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012.10.25 20:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012.10.25 20:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2012.10.25 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\TuneUp Software
[2012.10.25 20:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.25 20:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.25 20:12:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.25 20:11:45 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.25 20:11:41 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\DAEMON Tools Lite
[2012.10.25 20:11:36 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\OpenCandy
[2012.10.25 20:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.10.25 20:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.10.25 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\BIOS_Acer_2.15_Windows
[2012.10.25 15:52:05 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\WinZip
[2012.10.25 15:51:14 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\everest
[2012.10.25 14:10:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Mozilla
[2012.10.25 14:10:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Mozilla
[2012.10.25 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.25 14:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.25 14:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.25 14:06:47 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Macromedia
[2012.10.25 13:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.25 13:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.10.25 12:51:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.10.25 12:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.25 12:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4
[2012.10.25 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Adobe
[2012.10.25 12:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.10.25 12:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.10.25 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.25 12:45:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.10.25 12:45:41 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Adobe
[2012.10.25 12:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.10.25 12:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.10.25 12:18:35 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\WinZip
[2012.10.25 12:02:53 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\AMD
[2012.10.25 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\ATI
[2012.10.25 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\ATI
[2012.10.25 12:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.25 12:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.25 12:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.25 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.25 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.10.25 12:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.10.25 12:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.10.25 11:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.10.25 11:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.25 11:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.25 11:57:53 | 000,000,000 | ---D | C] -- C:\AMD
[2012.10.25 11:44:58 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\My Palettes
[2012.10.25 11:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2012.10.25 11:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012.10.25 11:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
[2012.10.25 11:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.10.25 10:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012.10.25 10:20:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Corel
[2012.10.25 10:09:17 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\Corel
[2012.10.25 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\Visual Studio 2008
[2012.10.25 10:08:54 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Microsoft Help
[2012.10.25 10:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.10.25 10:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.10.25 10:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.10.25 10:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.10.25 09:33:11 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\Vuze Downloads
[2012.10.25 09:29:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\.swt
[2012.10.25 09:26:40 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Azureus
[2012.10.25 09:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2012.10.25 08:51:05 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.25 08:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2012.10.25 08:51:04 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.25 08:51:02 | 000,424,016 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.25 08:51:01 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.10.25 08:50:59 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.25 08:50:55 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.25 08:49:21 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.25 08:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012.10.25 08:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012.10.24 10:29:34 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Mastercollection cs4
[2012.10.24 10:29:06 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Corel DRAW Graphics Suite X5 EN
[2012.10.24 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\bauplatz
[2012.10.24 10:09:26 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\DCIM
[2012.10.24 10:08:23 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Exports
[2012.10.24 07:41:46 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Soner
[2012.10.24 07:21:14 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\TU Architektur
[2012.10.24 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Portfolio
[2012.10.24 06:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.24 03:05:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.10.24 03:05:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.10.23 23:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.10.23 23:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.10.23 23:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.10.23 22:31:22 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Skype
[2012.10.23 22:31:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.10.23 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.23 22:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.23 22:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.10.23 22:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.23 22:25:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.23 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.10.23 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Google
[2012.10.23 22:24:36 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Apps
[2012.10.23 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Deployment
[2012.10.23 20:40:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.10.23 19:52:30 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.23 19:52:29 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.23 19:52:29 | 000,000,000 | R--D | C] -- C:\Users\Soner\Searches
[2012.10.23 19:51:45 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Identities
[2012.10.23 19:51:40 | 000,000,000 | R--D | C] -- C:\Users\Soner\Contacts
[2012.10.23 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\VirtualStore
[2012.10.23 19:51:27 | 000,000,000 | --SD | C] -- C:\Users\Soner\AppData\Roaming\Microsoft
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Favorites
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Downloads
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Documents
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Desktop
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Vorlagen
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\AppData\Local\Verlauf
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\AppData\Local\Temporary Internet Files
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Startmenü
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\SendTo
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Recent
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Netzwerkumgebung
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Lokale Einstellungen
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Documents\Eigene Videos
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Documents\Eigene Musik
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Eigene Dateien
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Documents\Eigene Bilder
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Druckumgebung
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Cookies
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\AppData\Local\Anwendungsdaten
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Anwendungsdaten
[2012.10.23 19:51:27 | 000,000,000 | -H-D | C] -- C:\Users\Soner\AppData
[2012.10.23 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Temp
[2012.10.23 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Microsoft
[2012.10.23 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Media Center Programs
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Videos
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Saved Games
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Pictures
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Music
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Links
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.23 19:51:13 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.10.23 19:43:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.23 19:41:37 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.23 19:40:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.10.29 15:54:19 | 000,017,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 15:54:19 | 000,017,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 15:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.29 15:49:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.29 15:24:11 | 000,283,779 | ---- | M] () -- C:\Users\Soner\Desktop\Unbenannt3.png
[2012.10.29 14:55:51 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.29 14:55:51 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.29 14:55:51 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.29 14:55:50 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.29 14:55:50 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.29 14:52:15 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.29 14:51:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 14:51:14 | 3018,559,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.27 20:43:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.27 20:14:31 | 000,007,604 | ---- | M] () -- C:\Users\Soner\AppData\Local\Resmon.ResmonCfg
[2012.10.25 20:32:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.10.25 20:11:45 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.25 15:40:06 | 002,902,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.25 14:14:16 | 000,084,029 | ---- | M] () -- C:\Users\Soner\Desktop\Unbenannt.png
[2012.10.25 14:10:22 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.25 14:05:37 | 000,023,495 | ---- | M] () -- C:\Windows\SysNative\energy-report.html
[2012.10.25 14:05:37 | 000,023,495 | ---- | M] () -- C:\Users\Soner\Desktop\energy-report.html
[2012.10.25 13:04:51 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2012.10.25 08:50:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.10.24 02:11:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.24 02:11:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.23 22:29:22 | 000,002,251 | ---- | M] () -- C:\Users\Soner\Desktop\Google Chrome.lnk
[2012.10.23 19:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.23 19:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.23 19:43:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.23 19:43:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012.10.29 15:24:11 | 000,283,779 | ---- | C] () -- C:\Users\Soner\Desktop\Unbenannt3.png
[2012.10.27 20:30:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.27 20:30:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.27 20:30:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.27 20:30:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.27 20:30:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.27 20:06:53 | 000,007,604 | ---- | C] () -- C:\Users\Soner\AppData\Local\Resmon.ResmonCfg
[2012.10.26 18:57:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.25 20:32:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.10.25 14:14:16 | 000,084,029 | ---- | C] () -- C:\Users\Soner\Desktop\Unbenannt.png
[2012.10.25 14:11:16 | 000,023,495 | ---- | C] () -- C:\Users\Soner\Desktop\energy-report.html
[2012.10.25 14:10:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.25 14:10:22 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.25 14:05:37 | 000,023,495 | ---- | C] () -- C:\Windows\SysNative\energy-report.html
[2012.10.25 13:04:51 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2012.10.25 09:26:59 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012.10.25 08:50:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.10.24 02:11:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.24 02:11:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.23 22:29:22 | 000,002,251 | ---- | C] () -- C:\Users\Soner\Desktop\Google Chrome.lnk
[2012.10.23 22:25:21 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 22:25:19 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 19:52:51 | 000,001,443 | ---- | C] () -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.23 19:52:51 | 000,001,409 | ---- | C] () -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.23 19:45:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.23 19:44:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.23 19:43:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.23 19:43:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.23 19:40:45 | 3018,559,488 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.25 19:58:34 | 000,000,000 | ---D | M] -- C:\Users\Soner\AppData\Roaming\Azureus
[2012.10.25 20:14:45 | 000,000,000 | ---D | M] -- C:\Users\Soner\AppData\Roaming\DAEMON Tools Lite
[2012.10.25 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\Soner\AppData\Roaming\OpenCandy
[2012.10.25 20:14:00 | 000,000,000 | ---D | M] -- C:\Users\Soner\AppData\Roaming\TuneUp Software
[2012.10.25 15:52:05 | 000,000,000 | ---D | M] -- C:\Users\Soner\AppData\Roaming\WinZip

========== Purity Check ==========



< End of report >

Edited by Dakeyras, 02 November 2012 - 07:02 AM.
Removed code tags.



#2
ntlyke

There is also an "extra.txt". Should I also post that?

#3
ntlyke

Hello?

#4
Dakeyras


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this with anything I ask you to carry out, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

No need to post logs within code tags as that makes them somewhat difficult to research. Also post the ComboFix log (if still available) in your next reply...

There is also an "extra.txt". Should I also post that?

Aye please do so and we will then go from there, thank you.

#5
ntlyke

ComboFix 12-10-26.05 - Soner 27.10.2012 21:33:03.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3838.2706 [GMT 2:00]
ausgeführt von:: c:\users\Soner\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-27 bis 2012-10-27 ))))))))))))))))))))))))))))))
.
.
2012-10-27 14:29 . 2012-09-27 22:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-26 17:57 . 2012-10-26 17:57 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 17:57 . 2012-10-26 17:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-26 17:57 . 2012-10-26 17:57 -------- d-----w- c:\windows\system32\Macromed
2012-10-26 14:17 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFB466D4-A2DE-4A07-AAC2-B9EE75FC3E62}\mpengine.dll
2012-10-25 19:18 . 2012-10-25 19:18 -------- d-----w- c:\program files (x86)\MagicISO
2012-10-25 19:13 . 2012-10-25 19:14 -------- d-----w- c:\programdata\TuneUp Software
2012-10-25 19:12 . 2012-10-25 19:12 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-25 19:11 . 2012-10-25 19:11 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-25 19:11 . 2012-10-25 19:11 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-10-25 19:11 . 2012-10-25 19:14 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-10-25 13:10 . 2012-10-25 13:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-25 12:26 . 2012-10-25 12:26 -------- d-----w- c:\program files\Adobe
2012-10-25 12:17 . 2012-10-25 12:17 -------- d-----w- c:\programdata\ALM
2012-10-25 12:05 . 2008-04-07 03:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-10-25 11:51 . 2012-10-25 11:51 -------- d-----w- c:\windows\SysWow64\spool
2012-10-25 11:47 . 2012-10-25 11:47 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-10-25 11:47 . 2012-10-25 12:29 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-25 11:45 . 2012-10-25 11:45 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-25 11:45 . 2012-10-25 11:45 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-10-25 11:41 . 2012-10-25 12:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-25 11:02 . 2012-10-25 11:02 -------- d-----w- c:\programdata\ATI
2012-10-25 11:02 . 2012-10-25 11:02 -------- d-----w- c:\program files (x86)\AMD AVT
2012-10-25 11:02 . 2012-10-25 11:02 -------- d-----w- c:\program files (x86)\AMD APP
2012-10-25 11:02 . 2012-10-25 11:02 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-10-25 11:02 . 2012-10-25 11:02 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-10-25 11:01 . 2012-10-25 11:02 -------- d-----w- c:\programdata\AMD
2012-10-25 11:01 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-10-25 10:59 . 2012-10-25 10:59 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-10-25 10:59 . 2012-10-25 10:59 -------- d-----w- c:\program files\ATI
2012-10-25 10:58 . 2012-10-25 11:02 -------- d-----w- c:\program files\ATI Technologies
2012-10-25 10:57 . 2012-10-25 10:57 -------- d-----w- C:\AMD
2012-10-25 10:40 . 2012-10-25 10:40 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-10-25 10:39 . 2012-10-25 10:39 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-10-25 10:33 . 2012-10-25 10:33 -------- d-----w- c:\program files (x86)\Corel
2012-10-25 09:20 . 2012-10-25 09:20 -------- d-----w- c:\programdata\Protexis
2012-10-25 09:07 . 2012-10-25 09:07 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-10-25 09:07 . 2012-10-25 10:41 -------- d-----w- c:\programdata\Microsoft Help
2012-10-25 09:07 . 2012-10-25 09:07 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-10-25 09:05 . 2012-10-25 10:39 -------- d-----w- c:\programdata\Corel
2012-10-25 08:26 . 2012-10-25 08:26 -------- d-----w- c:\program files\Vuze
2012-10-25 07:51 . 2010-05-06 20:33 22096 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-25 07:51 . 2010-05-06 20:39 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-25 07:51 . 2010-05-06 20:41 424016 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-25 07:51 . 2010-05-06 20:34 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-25 07:50 . 2010-05-06 20:39 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-25 07:50 . 2010-05-06 20:34 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-25 07:49 . 2010-05-06 20:59 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-25 07:49 . 2012-10-25 07:49 -------- d-----w- c:\programdata\Alwil Software
2012-10-25 07:49 . 2012-10-25 07:49 -------- d-----w- c:\program files\Alwil Software
2012-10-24 22:16 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-10-24 22:16 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-10-24 22:16 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-10-24 22:16 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-10-24 22:16 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-10-24 22:16 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-10-24 22:16 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-10-24 22:15 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-10-24 22:15 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-10-24 22:15 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-10-24 22:15 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-10-24 22:15 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-10-24 22:15 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-10-24 22:15 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-10-24 22:15 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-10-24 22:15 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-10-24 22:15 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-10-24 22:15 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-10-24 05:44 . 2012-10-25 09:07 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-10-24 02:05 . 2012-10-24 02:05 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-10-24 02:05 . 2012-10-24 02:05 -------- d-----w- c:\windows\system32\wbem\en-US
2012-10-24 02:05 . 2012-10-24 02:05 -------- d-----w- c:\windows\SysWow64\Wat
2012-10-24 02:05 . 2012-10-24 02:05 -------- d-----w- c:\windows\system32\Wat
2012-10-24 01:14 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-10-24 01:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-24 01:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-24 01:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-24 01:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-24 01:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-23 22:04 . 2012-10-25 11:18 -------- d-----w- c:\programdata\WinZip
2012-10-23 22:04 . 2012-10-23 22:04 -------- d-----w- c:\program files\WinZip
2012-10-23 21:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-10-23 21:40 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-10-23 21:40 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-10-23 21:40 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-10-23 21:40 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2012-10-23 21:40 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-10-23 21:40 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2012-10-23 21:40 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-23 21:40 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-23 21:40 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-23 21:40 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-23 21:40 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-23 21:31 . 2012-10-23 21:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-23 21:31 . 2012-10-23 21:31 -------- d-----r- c:\program files (x86)\Skype
2012-10-23 21:31 . 2012-10-23 21:31 -------- d-----w- c:\programdata\Skype
2012-10-23 21:28 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-23 21:28 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-10-23 21:28 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-10-23 21:28 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-10-23 21:28 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-10-23 21:28 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-10-23 21:26 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-10-23 21:26 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-10-23 21:25 . 2012-10-26 17:57 -------- d-sh--w- c:\windows\Installer
2012-10-23 21:25 . 2012-10-23 21:29 -------- d-----w- c:\program files (x86)\Google
2012-10-23 19:40 . 2012-10-23 18:51 -------- d-----w- c:\windows\Panther
2012-10-23 18:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-23 18:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-23 18:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-23 18:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-23 18:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-23 18:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-23 18:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-23 18:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-23 18:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-23 18:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-23 18:43 . 2012-10-23 18:43 0 ----a-w- c:\windows\ativpsrm.bin
2012-09-28 20:32 . 2012-09-28 20:32 2177688 ----a-w- c:\windows\system32\coin92.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 17:38 . 2012-10-23 21:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1038088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-24 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-25 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-03 361984]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 63568]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 17:57]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 21:25]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 21:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 20:59 174832 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - c:\users\Soner\AppData\Roaming\Mozilla\Firefox\Profiles\ven14gag.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-27 21:48:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-27 19:48
.
Vor Suchlauf: 7 Verzeichnis(se), 393.731.465.216 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 393.529.831.424 Bytes frei
.
- - End Of File - - 03A8E9C7482C0B06E21757970C180C72

#6
ntlyke

  • Topic Starter
  • Member
  • 59 posts

There is also an "extra.txt". Should I also post that?

Aye please do so and we will then go from there, thank you.


OTL Extras logfile created on: 29.10.2012 15:55:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soner\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 62,45% Memory free
7,49 Gb Paging File | 5,64 Gb Available in Paging File | 75,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 374,04 Gb Free Space | 62,75% Space Free | Partition Type: NTFS

Computer Name: SONER-PC | User Name: Soner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3CEAE-803F-4963-A806-E3A7FC3CC550}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C2AFF7C-7111-4CDF-9AE2-800AEC9B17EA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{166F93C4-6890-4DE1-8C29-E79807BC9BD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E89A9E3-E9E1-42E0-9809-0017DAF4AFB2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FEFC113-F343-4FA6-B591-73872E007C57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21248495-7611-4C3A-8AB1-2DE2870D6DF6}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F1F7DA0-0F96-401B-86FC-793FFFE6CA9B}" = rport=137 | protocol=17 | dir=out | app=system |
"{35AF4FDB-B85F-4207-AE1C-19DFCE127ACB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{37D984E2-6C34-43D2-A6AD-C73FC9356098}" = rport=10243 | protocol=6 | dir=out | app=system |
"{41B10785-000C-453B-B62B-C556254B31A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47C8C793-2D74-40A4-ABEB-E78188382217}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47DA2CFC-C6B7-49BC-9450-03D8049D38B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C2AE0F3-5A40-4FCD-BC50-E307C3959B97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DD4220F-0F6D-465B-AA30-ABD334DC83F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D4D4B5D-8177-43C6-856B-0748D88DE41E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{651D37F7-2176-4320-A359-E1684253ABC7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6BC2CCFA-EB25-45A6-97FE-98CA60118508}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C07BA0B-D279-41E7-A5D0-BA0FE8A2FB42}" = lport=138 | protocol=17 | dir=in | app=system |
"{75B04A39-E6F7-4822-81C5-683B8F7086DE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A199E56-8BF8-43E8-B606-8B47104B4905}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FFD2AA1-1A98-460B-B244-211FF76AE3D8}" = rport=139 | protocol=6 | dir=out | app=system |
"{86FDADE0-C294-46DC-8562-174A605EF333}" = lport=10243 | protocol=6 | dir=in | app=system |
"{938C32EE-786B-4990-AC79-74F093BDECE7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B667DFE-5F1B-4DA6-8D2A-69378804AB51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F7F1641-DE04-4919-890F-FCA56470388A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{A0EAF9C0-5C2B-47CE-8F0B-E176765FC878}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A95A9725-573D-45C2-BB7D-8378DCE93F6B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B374F6F9-6904-456E-9108-BDC28E245DF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B77D1AB8-C760-46A4-8B98-B529C2A3B93D}" = lport=137 | protocol=17 | dir=in | app=system |
"{CA124CEC-DC80-403B-837C-4CFA0EF029A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8D19160-5AA6-4BED-875B-F0A36969DC94}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC92B2C5-A317-4370-9581-4A145863F990}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010646C6-5E00-4D8B-83ED-C4F03CBCC61A}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{0478083F-3AFD-4AE2-895C-0CF069FD2222}" = protocol=6 | dir=out | app=system |
"{05586DA4-2DA3-4797-A293-87C6C83F509B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13912278-F8DB-4F25-92FD-31F6779C3608}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14A78A86-1A88-4A78-8571-48BE8FD75515}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{1687C88C-2ACF-4261-B84A-F39A6D5BFFE4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32920505-1554-4D5A-8CF0-A1594186FB8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A83D5E4-358B-44D0-B652-327EF6E2FD14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3DA127D7-95DC-4EF5-AD39-2ACBED1C7F71}" = protocol=58 | dir=out | [email protected],-28546 |
"{479E7DAC-37C5-430C-ADB6-FF17ABFE50BB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5EA0C7FC-BEA8-477A-9647-567CB795D656}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{7BAE7B1D-8338-4336-A7D4-42EED4208555}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D154086-BF80-4D3E-A1B1-8EBF13FBAD27}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D515CC2-7EEA-4B7E-BC3E-2980BAA66469}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{926D4B2F-1FBF-4D9D-A553-FC4D8FA15E65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94F43A84-84B5-4D79-8093-E39FCB5EC692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A28D4966-36F6-4311-A1DC-74783C9B6109}" = protocol=1 | dir=in | [email protected],-28543 |
"{A5320BDB-CD6C-4DCD-9A9E-118AE8016523}" = protocol=1 | dir=out | [email protected],-28544 |
"{B82D954B-728F-40B0-ACE4-FAC286F72811}" = protocol=58 | dir=in | [email protected],-28545 |
"{B8B80627-F261-4218-8375-AD5678523CE3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA15D3B1-2A0F-4619-9D90-E2AA3294A02C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E6ED2B03-B240-4BF5-BF79-FE2677D43CA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB840CB2-D0A1-4437-BC5B-2980FC9EB12F}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{F57F3F33-F76C-41D6-B29D-529B87A6A7E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7909A75-6F38-4C49-BC4D-86D780093102}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8CF5450-598B-4DA1-BA39-64B8FED9C5D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC804833-3836-4C89-AEF9-9EFD58898BBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5080B216-2C2D-4566-B2B8-C26100FABFD4}C:\users\soner\desktop\ageof\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\soner\desktop\ageof\age2_x1.exe |
"TCP Query User{9A126E95-DE63-4F1D-8B01-B9087B3D5222}C:\users\soner\desktop\ageof\empires2.exe" = protocol=6 | dir=in | app=c:\users\soner\desktop\ageof\empires2.exe |
"TCP Query User{B5082461-14C8-469B-97A6-C7368FC476FB}C:\users\soner\desktop\ageof\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\soner\desktop\ageof\age2_x1.exe |
"TCP Query User{E14B433E-4D8A-49CB-8E7D-E44EF44BEBFC}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{43FF6B5D-54FB-4875-A5CE-7CE149D06F03}C:\users\soner\desktop\ageof\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\soner\desktop\ageof\age2_x1.exe |
"UDP Query User{84615C1F-C014-4009-8061-7A61E617FB31}C:\users\soner\desktop\ageof\empires2.exe" = protocol=17 | dir=in | app=c:\users\soner\desktop\ageof\empires2.exe |
"UDP Query User{A919D63A-1293-4EB9-9606-33EC7EB289AD}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{FB158420-0D91-4A20-B112-15F6CB5C1502}C:\users\soner\desktop\ageof\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\soner\desktop\ageof\age2_x1.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4F2B8F3E-70FA-AA71-4526-3BFDEDE502EF}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8461-7759-5462-8226" = Vuze
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.3
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Mozilla Firefox 16.0.1 (x86 tr)" = Mozilla Firefox 16.0.1 (x86 tr)
"MozillaMaintenanceService" = Mozilla Maintenance Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.10.2012 13:48:34 | Computer Name = Soner-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "TuneUp Utilities Service" konnte nicht
neu gestartet werden.

Error - 27.10.2012 10:26:01 | Computer Name = Soner-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.10.2012 15:06:26 | Computer Name = Soner-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.10.2012 15:17:05 | Computer Name = Soner-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.10.2012 15:44:08 | Computer Name = Soner-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.10.2012 16:02:18 | Computer Name = Soner-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.10.2012 15:35:51 | Computer Name = Soner-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.

Error - 29.10.2012 09:24:00 | Computer Name = Soner-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.

Error - 29.10.2012 10:44:35 | Computer Name = Soner-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FurMark.exe, Version: 1.10.3.0, Zeitstempel:
0x508b9d35 Name des fehlerhaften Moduls: FurMark.exe, Version: 1.10.3.0, Zeitstempel:
0x508b9d35 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00069d51 ID des fehlerhaften Prozesses:
0x37c Startzeit der fehlerhaften Anwendung: 0x01cdb5e3981682ec Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.10.3\FurMark.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.10.3\FurMark.exe
Berichtskennung:
27a3cd39-21d7-11e2-8b8e-00262d5ac37f

Error - 29.10.2012 10:45:09 | Computer Name = Soner-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FurMark.exe, Version: 1.10.3.0, Zeitstempel:
0x508b9d35 Name des fehlerhaften Moduls: FurMark.exe, Version: 1.10.3.0, Zeitstempel:
0x508b9d35 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00069d51 ID des fehlerhaften Prozesses:
0x874 Startzeit der fehlerhaften Anwendung: 0x01cdb5e3ed915031 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.10.3\FurMark.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.10.3\FurMark.exe
Berichtskennung:
3be04f4b-21d7-11e2-8b8e-00262d5ac37f

[ System Events ]
Error - 27.10.2012 15:12:10 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.10.2012 15:12:10 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.10.2012 15:12:10 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.10.2012 15:14:18 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.10.2012 15:14:18 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.10.2012 15:14:18 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.10.2012 15:36:59 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 27.10.2012 15:40:44 | Computer Name = Soner-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 27.10.2012 15:41:37 | Computer Name = Soner-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 29.10.2012 09:51:22 | Computer Name = Soner-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?10.?2012 um 14:49:49 unerwartet heruntergefahren.


< End of report >

#7
Dakeyras

Hi. :)

Please move ComboFix to the desktop (if the executable is still present); it is (was) currently residing here:

c:\users\Soner\Downloads\ComboFix.exe

Also, as I am sure you are aware now, best not to run ComboFix unless advised to do so by a trained Anti-Malware helper. You have been very lucky, as your on-board Anti-Virus appears to have been active during the ComboFix run, which potentially can create a myriad of problems all told.

Move OTL to the desktop also please, the executable for that is in your downloads folder also.

Next:

Please download DeFogger to your desktop.

Right click DeFogger and select Run as Administrator to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

Important! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Right-click aswMBR.exe and select Run as Administrator to run it.
  • When prompted with "The application can use the Avast! Free Antivirus for scanning" >> select No
  • Now click on the Scan button to start the scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, as it is an actual backup of the MBR (master boot record).

Scan with FSS:

Please download Farbar Service Scanner and save to your Desktop.

  • Right-click FSS.exe and select Run as Administrator to start the program.
  • Select all available options
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • aswMBR Log.
  • FSS Log.


#8
ntlyke

Hi, DeFogger doesn't ask me to restart the machine. I get the Disable and Re-enable screen after it says "Finished" and I clicked OK. What should I do?

Edited by ntlyke, 02 November 2012 - 08:07 AM.


#9
Dakeyras

Just reboot your machine manually and then proceed with the rest of my instructions please. :)

#10
ntlyke

Computer works very well like before. There are no other symptoms. It didn't freeze for 2 days but I don't always use this laptop and I don't know if it's gone or not.

Thanks :)

Attached Files




#11
Dakeyras

Hi. :)

> Computer works very well like before. There are no other symptoms. It didn't freeze for 2 days but I don't always use this laptop and I don't know if it's gone or not.

OK and thanks for the update. Please do not attach any logs I request unless otherwise advised, just post them.

> Thanks :)

You're welcome!

Next:

Carry out the below for me please and let myself know when completed and/or if any problems are encountered doing so.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Create a System Restore point:

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name (say GTG Backup for example) and click Create.
  • When the new restore point is created click on OK >> close the System properties window.

Reset Windows 7 Firewall:

Click on Start (Windows 7 Orb) >> Control Panel >> Windows Firewall

Now click on Restore Defaults >> At the UAC prompt click on Yes >> Restore Defaults >> Yes.

#12
ntlyke

All done.

P.S.: Why did you always want me to download those programs to Desktop and not to Downloads?

Edit: No errors during this process.

Edited by ntlyke, 02 November 2012 - 11:10 AM.


#13
ntlyke

My computer just froze while I was watching something.

#14
Dakeyras

Hi. :)

> Why did you always want me to download those programs to Desktop and not to Downloads?

Two reasons really: anything I ask you to download and in turn run is best done so from the desktop. Plus, when we come to clean up all the tools used via a specific methodology, the aforementioned being on the desktop is advantageous for the process etc.

> My computer just froze while I was watching something.

Acknowledged, do keep myself apprised if such occurs again please. For now let's proceed as follows shall we...

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next reply.

Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case may be something like R1.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate download is here.

  • Quit all running programs.
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

Please post the contents of the RKreport.txt in your next reply.

#15
ntlyke

Adwcleaner :

# AdwCleaner v2.006 - Datei am 03/11/2012 um 14:33:01 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Soner - SONER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Soner\Desktop\AdwCleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Soner\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Soner\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (tr)

Profilname : default
Datei : C:\Users\Soner\AppData\Roaming\Mozilla\Firefox\Profiles\ven14gag.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48",
Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]
Gefunden [l.1481] : homepage = "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48",
Gefunden [l.1670] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [1696 octets] - [03/11/2012 14:33:01]

########## EOF - C:\AdwCleaner[R1].txt - [1756 octets] ##########





RK:

RogueKiller V8.2.1 [10/29/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Soner [Admin Rechte]
Funktion : Scannen -- Datum : 11/03/2012 14:37:53

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-00A0RT0 ATA Device +++++
--- User ---
[MBR] f30cd2c72714e156b44264d9af3db080
[BSP] 3b6fe5f88d06c1f79063acd85d32978f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[1].txt >>
RKreport[1].txt



P.S.: I guess RK tells me to delete some registry but I am not sure. Should I delete them?