
Log analysis and evaluation: Bundespolizei ucash Virus


06.11.2011, 20:11   #1
Ahmet

Hello,

this is my first post, so sorry in advance for any mistakes.

Unfortunately I have caught this virus, "bundespolizei ucash".

I read your thread beforehand, downloaded the program Malwarebytes and ran everything; now I want to post the result. I hope you can help me further!

Regards
Ahmet

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8097

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

06.11.2011 19:56:08
mbam-log-2011-11-06 (19-56-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184356
Laufzeit: 1 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avupdate (Trojan.Agent) -> Value: avupdate -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\ahmet kocagenis\AppData\Roaming\mahmud.exe (Trojan.Agent) -> Quarantined and deleted successfully.

07.11.2011, 13:44   #2
cosinus

Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

08.11.2011, 20:48   #3
Ahmet

Here is the log from the full scan


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8115

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

08.11.2011 20:07:38
mbam-log-2011-11-08 (20-07-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|)
Durchsuchte Objekte: 314725
Laufzeit: 28 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

09.11.2011, 06:39   #4
Ahmet

Here is the log from the other scan.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=64c63d83ce5d554c8df67d579a504251
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-08 06:38:11
# local_time=2011-11-08 07:38:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2069884 2069884 0 0
# compatibility_mode=5893 16776573 100 94 8480 72402493 0 0
# compatibility_mode=8192 67108863 100 0 3749 3749 0 0
# scanned=60178
# found=3
# cleaned=0
# scan_time=4849
C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J73US8G2\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5P62HCC\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ahmet Kocagenis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6304e921-64d0fc71 a variant of Java/Agent.DW trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=64c63d83ce5d554c8df67d579a504251
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-08 09:45:20
# local_time=2011-11-08 10:45:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2079022 2079022 0 0
# compatibility_mode=5893 16776573 100 94 17618 72411631 0 0
# compatibility_mode=8192 67108863 100 0 12887 12887 0 0
# scanned=139230
# found=3
# cleaned=0
# scan_time=6939
C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J73US8G2\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5P62HCC\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ahmet Kocagenis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6304e921-64d0fc71 a variant of Java/Agent.DW trojan (unable to clean) 00000000000000000000000000000000 I

09.11.2011, 10:04   #5
cosinus

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

__________________
Please always post log files in CODE tags

09.11.2011, 15:44   #6
Ahmet

Here is the OTL scan log file:
Code:
OTL logfile created on: 09.11.2011 15:17:40 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Ahmet Kocagenis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,25% Memory free
11,83 Gb Paging File | 9,69 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 183,59 Gb Free Space | 76,99% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,60 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ASUSAHMET | User Name: Ahmet Kocagenis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.09 15:12:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmet Kocagenis\Downloads\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.16 18:08:21 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.11.15 09:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.19 20:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 20:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011.03.02 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.12.13 14:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.14 23:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Asus | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Asus | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ahmet Kocagenis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.06 07:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.04 14:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Extensions
[2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions
[2011.10.27 11:19:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\trash
[2011.09.04 14:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.06 07:26:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.06 07:26:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 07:26:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 07:26:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 07:26:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 07:26:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 07:26:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BD83DD-CE54-44D9-A85D-861634AD816E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.09 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5EB31E19-4DE1-4D1D-AC62-5DF95E1034CE}
[2011.11.08 18:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.08 18:14:20 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe
[2011.11.08 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2DA5CAB6-AA80-4110-88E6-F8D5C0011637}
[2011.11.07 15:07:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C7584C9B-78F6-4BFE-9359-C102A38E8C57}
[2011.11.07 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2FB58084-E249-4413-A9B3-E608B4B7065C}
[2011.11.07 09:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2282D77C-183A-4FE9-9C68-78AAE1DF49B6}
[2011.11.06 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
[2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.06 19:47:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.06 19:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.06 19:38:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.11.06 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8A476458-46B8-4B9A-B21F-9B8E8D353005}
[2011.11.06 15:59:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{B8AAB0D6-87EC-4151-898A-E24CB7187AE5}
[2011.11.05 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{04F8D4BF-C88B-43E2-9193-42BFA0957642}
[2011.11.05 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8B1E9642-6281-4B8E-8F63-3574C47BE0F8}
[2011.11.05 09:33:33 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34B96B51-89EE-46EB-9433-BC9775D3E4C9}
[2011.11.04 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B5B6620-FCC9-4147-9530-7E7054B7BFCC}
[2011.11.04 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{45E396E4-D00A-46C1-BF7A-28C9DB6EEB09}
[2011.11.04 09:19:00 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D52AEC4-22C6-49DA-8858-7985725F57EF}
[2011.11.03 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8FA2C843-6D04-4D28-AD10-C20EDCF543EC}
[2011.11.02 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1CAB58EF-A78D-484C-8879-9B3AB1782B11}
[2011.11.02 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34FBA4B8-1BA3-4263-A5AB-89179E8A7D77}
[2011.11.02 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{46FCEA06-0A83-4C24-B452-E97EA3FA5AD8}
[2011.11.02 15:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF5CE282-98DA-4696-B6EF-BAD4CF461062}
[2011.11.01 22:12:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5CBBFDBF-CB18-4D52-BC6E-C608F9208345}
[2011.11.01 16:33:41 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D489DA4-C673-432F-A8C1-39A789A8C184}
[2011.10.31 19:14:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{459D7237-05DE-47D8-A116-A940B6914C1F}
[2011.10.30 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60D5C737-0B91-4D80-9817-E38A199D231A}
[2011.10.30 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{01E0F387-75B6-4FF4-8C24-3F59A34A1ACB}
[2011.10.30 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{42845A5D-2C21-43CB-BB9B-58976CEDB333}
[2011.10.29 20:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011.10.29 20:42:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BB8AF377-185A-4A07-9606-95D1ABF4780C}
[2011.10.29 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{A050385D-BFF0-4AB4-8A13-3220263C282B}
[2011.10.29 16:18:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C1A6BE1D-5A87-4FD7-8289-D78403250322}
[2011.10.29 09:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.10.29 09:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.10.28 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D41946B5-C52D-4B9D-9F51-0BAC274FC3B2}
[2011.10.28 07:17:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\Vuze Downloads
[2011.10.28 07:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xobni
[2011.10.28 07:16:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Xobni
[2011.10.28 07:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xobni
[2011.10.28 07:15:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\.swt
[2011.10.28 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus
[2011.10.28 07:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2011.10.28 06:59:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F3575633-8DD9-4348-916D-5B3482681175}
[2011.10.27 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{6FD6A7DD-5259-4BF0-AF23-DBCB00E04707}
[2011.10.27 12:58:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{09129068-1134-4792-9F3C-58023379D0C1}
[2011.10.27 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
[2011.10.27 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D89968C7-3140-441C-8B8B-203D782A0130}
[2011.10.27 11:19:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.27 11:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.10.27 11:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\DVDVideoSoft
[2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.10.27 11:16:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\Selvet Flug
[2011.10.27 11:14:32 | 015,170,608 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe
[2011.10.27 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2760CDE1-FB61-47A2-AE78-734F51DAC536}
[2011.10.27 06:04:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2E44DEDA-D92F-415A-98DD-6CD6CBC5DDAC}
[2011.10.26 20:27:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EA2A46AA-3FB7-4F9B-84EB-C7275A37F38C}
[2011.10.26 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C06B7D0D-95E5-498E-ACB7-506CDC25782F}
[2011.10.25 11:22:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E23DF75B-9DFF-402F-84E7-1EEC76D62696}
[2011.10.25 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{202A9EB9-FE7F-4B3A-BA6B-2DB78E7FA395}
[2011.10.24 19:43:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1C729B81-E758-4886-B7D5-4E417D2B5D44}
[2011.10.24 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{30A6E201-5E3A-484D-AD64-815F3C6C42FD}
[2011.10.23 21:54:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D25F38E6-F59D-4D95-97A4-F6838E046152}
[2011.10.23 09:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B26C292-03E1-4A0F-B7C1-5B1F725C3034}
[2011.10.22 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{44CEFEDD-C867-4098-AA82-A0D96A222369}
[2011.10.22 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{466ECDB2-0337-4BA9-AEE4-5AE6DF687558}
[2011.10.22 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F45F6C93-B549-4E24-B7FE-FCBF4C9A35F1}
[2011.10.21 23:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{91F11EE3-6A28-4AE6-A5F8-6E028E1407ED}
[2011.10.21 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D421B81-AFDF-49B5-BBAE-A0A61B176243}
[2011.10.21 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EAEDD356-9884-45E8-BBFA-ED08A20B6EC5}
[2011.10.20 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{884FE75E-0B18-4C07-8782-F5AC6863A932}
[2011.10.20 12:06:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{87EAA8FD-A66E-4D1F-A62B-492CEDFA49A0}
[2011.10.20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{80FA91AE-F08C-4F06-A81D-768A7F572093}
[2011.10.20 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{998B36C3-FEA0-4209-AFCA-23A2FD1A3357}
[2011.10.19 20:33:55 | 000,000,000 | ---D | C] -- C:\Windows\wb
[2011.10.19 19:46:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\UNI
[2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.10.19 18:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.10.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011.10.19 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.10.19 18:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.10.19 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft Help
[2011.10.19 18:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.10.19 18:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.10.19 17:11:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
[2011.10.19 07:40:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{21C29734-A0A4-467B-A9AE-C0C9B4441DD8}
[2011.10.18 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BFEB0C49-8933-431A-867A-B2544BFE1135}
[2011.10.18 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{827E5185-0712-49D6-A935-22903F5AD69C}
[2011.10.18 05:30:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF97C8B2-D214-4FFB-86ED-184625212190}
[2011.10.17 08:48:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{567CA159-3852-4D37-B53F-ABA27A25D577}
[2011.10.17 07:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D27A87AC-6630-40C8-AE4B-9880FCA92A14}
[2011.10.16 09:01:22 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C92EB79D-98D3-48D5-AA98-CCA91D7284E8}
[2011.10.15 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CEF15B66-CCAC-4053-BCB4-331E7ECADAD3}
[2011.10.15 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60A918DC-9BF0-43E4-A59A-C5EC3216B1E9}
[2011.10.15 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira
[2011.10.15 19:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.15 19:19:41 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.15 19:19:41 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.15 19:19:41 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.15 18:54:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.10.15 10:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.10.15 10:14:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{3AF5ECFD-2D4B-4597-B001-F0764DE4A191}
[2011.10.15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{362ED212-F7C3-4F84-B7FD-EDEEBA17AADD}
[2011.10.14 09:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity
[2011.10.14 08:25:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Unity
[2011.10.14 07:46:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1E03E1D5-ACAE-4227-807F-07664997523F}
[2011.10.14 07:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F312D6B6-EEB9-4FB7-81B5-B88E555510A7}
[2011.10.13 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{18A8FD01-95BE-4E11-9CE5-0A790584EB50}
[2011.10.13 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BDACDA19-1E92-4F7B-932C-CD64F935C998}
[2011.10.12 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{65B02D19-078C-4B34-B9B1-64E8EA42860B}
[2011.10.12 21:37:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{673FAE5D-C497-4E7A-A661-5AE88A043993}
[2011.10.12 15:27:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.12 09:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CA498DBD-2467-492D-A98A-703282AC0246}
[2011.10.12 09:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{DA5C55B5-C3DB-4A9A-A738-7CDE8C1DCC9B}
[2011.10.11 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E1C9A678-A64B-46CC-A716-9BE2719D23B1}
[2011.10.10 22:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
[2011.10.10 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Diagnostics
[2011.10.10 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F0ACAE61-F711-41DB-B4E4-FE2D9A5662CB}
[2011.10.10 19:48:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D35B9951-7A5B-49B5-8FF4-AA12419D9ECE}
[2011.10.10 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.09 15:07:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.11.09 15:07:46 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.09 15:07:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.09 15:07:26 | 467,787,775 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.09 05:45:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.09 03:04:17 | 001,552,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.09 03:04:17 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.09 03:04:17 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.09 03:04:17 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.09 03:04:17 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.08 18:14:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe
[2011.11.07 09:50:02 | 000,002,246 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.11.06 20:27:35 | 000,001,257 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.11.06 19:47:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.28 10:56:42 | 000,000,466 | ---- | M] () -- C:\DATA (D) - Verknüpfung.lnk
[2011.10.28 07:14:51 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011.10.27 11:19:12 | 000,001,297 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk
[2011.10.27 11:19:12 | 000,001,241 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk
[2011.10.27 11:19:12 | 000,001,156 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk
[2011.10.27 11:14:36 | 015,170,608 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe
[2011.10.20 10:09:19 | 000,001,075 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk
[2011.10.20 10:00:23 | 000,414,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.19 19:46:05 | 000,001,351 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk
[2011.10.15 19:19:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.11.06 19:47:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.28 10:56:42 | 000,000,466 | ---- | C] () -- C:\DATA (D) - Verknüpfung.lnk
[2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011.10.27 11:19:12 | 000,001,297 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk
[2011.10.27 11:19:12 | 000,001,241 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk
[2011.10.27 11:19:12 | 000,001,156 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk
[2011.10.20 10:08:23 | 000,001,075 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk
[2011.10.19 19:46:05 | 000,001,351 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk
[2011.10.15 19:19:51 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.11 19:17:34 | 000,001,432 | ---- | C] () -- C:\Windows\cxqrf32.ini
[2011.08.30 15:38:52 | 008,618,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.16 18:07:02 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.07.16 18:07:00 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.07.16 18:06:59 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.07.16 18:00:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.04.20 09:18:54 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.20 09:18:46 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.20 09:18:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
 
========== LOP Check ==========
 
[2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage
[2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus
[2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
[2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
[2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance
[2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre
[2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client
[2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP
[2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity
[2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon
[2011.10.16 09:00:49 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Adobe
[2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage
[2011.10.15 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira
[2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus
[2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
[2011.10.19 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\CyberLink
[2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
[2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 18:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\FLEXnet
[2011.08.26 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Identities
[2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia
[2011.11.06 19:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Media Center Programs
[2011.11.06 19:25:07 | 000,000,000 | --SD | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft
[2011.09.04 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Mozilla
[2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance
[2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre
[2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client
[2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP
[2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity
[2011.09.14 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\WinRAR
[2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.10.28 07:15:50 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.10.12 15:26:58 | 008,107,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys
[2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

09.11.2011, 15:45   #7
Ahmet

Bundespolizei ucash Virus

Here is the OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 09.11.2011 15:17:40 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Ahmet Kocagenis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,25% Memory free
11,83 Gb Paging File | 9,69 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 183,59 Gb Free Space | 76,99% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,60 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ASUSAHMET | User Name: Ahmet Kocagenis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.09 15:12:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmet Kocagenis\Downloads\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.16 18:08:21 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.11.15 09:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.19 20:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 20:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011.03.02 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.12.13 14:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.14 23:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goggle.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ahmet Kocagenis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.06 07:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.04 14:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Extensions
[2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions
[2011.10.27 11:19:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\trash
[2011.09.04 14:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.06 07:26:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.06 07:26:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 07:26:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 07:26:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 07:26:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 07:26:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 07:26:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BD83DD-CE54-44D9-A85D-861634AD816E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.09 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5EB31E19-4DE1-4D1D-AC62-5DF95E1034CE}
[2011.11.08 18:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.08 18:14:20 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe
[2011.11.08 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2DA5CAB6-AA80-4110-88E6-F8D5C0011637}
[2011.11.07 15:07:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C7584C9B-78F6-4BFE-9359-C102A38E8C57}
[2011.11.07 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2FB58084-E249-4413-A9B3-E608B4B7065C}
[2011.11.07 09:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2282D77C-183A-4FE9-9C68-78AAE1DF49B6}
[2011.11.06 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
[2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.06 19:47:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.06 19:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.06 19:38:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.11.06 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8A476458-46B8-4B9A-B21F-9B8E8D353005}
[2011.11.06 15:59:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{B8AAB0D6-87EC-4151-898A-E24CB7187AE5}
[2011.11.05 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{04F8D4BF-C88B-43E2-9193-42BFA0957642}
[2011.11.05 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8B1E9642-6281-4B8E-8F63-3574C47BE0F8}
[2011.11.05 09:33:33 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34B96B51-89EE-46EB-9433-BC9775D3E4C9}
[2011.11.04 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B5B6620-FCC9-4147-9530-7E7054B7BFCC}
[2011.11.04 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{45E396E4-D00A-46C1-BF7A-28C9DB6EEB09}
[2011.11.04 09:19:00 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D52AEC4-22C6-49DA-8858-7985725F57EF}
[2011.11.03 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8FA2C843-6D04-4D28-AD10-C20EDCF543EC}
[2011.11.02 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1CAB58EF-A78D-484C-8879-9B3AB1782B11}
[2011.11.02 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34FBA4B8-1BA3-4263-A5AB-89179E8A7D77}
[2011.11.02 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{46FCEA06-0A83-4C24-B452-E97EA3FA5AD8}
[2011.11.02 15:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF5CE282-98DA-4696-B6EF-BAD4CF461062}
[2011.11.01 22:12:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5CBBFDBF-CB18-4D52-BC6E-C608F9208345}
[2011.11.01 16:33:41 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D489DA4-C673-432F-A8C1-39A789A8C184}
[2011.10.31 19:14:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{459D7237-05DE-47D8-A116-A940B6914C1F}
[2011.10.30 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60D5C737-0B91-4D80-9817-E38A199D231A}
[2011.10.30 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{01E0F387-75B6-4FF4-8C24-3F59A34A1ACB}
[2011.10.30 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{42845A5D-2C21-43CB-BB9B-58976CEDB333}
[2011.10.29 20:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011.10.29 20:42:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BB8AF377-185A-4A07-9606-95D1ABF4780C}
[2011.10.29 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{A050385D-BFF0-4AB4-8A13-3220263C282B}
[2011.10.29 16:18:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C1A6BE1D-5A87-4FD7-8289-D78403250322}
[2011.10.29 09:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.10.29 09:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.10.28 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D41946B5-C52D-4B9D-9F51-0BAC274FC3B2}
[2011.10.28 07:17:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\Vuze Downloads
[2011.10.28 07:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xobni
[2011.10.28 07:16:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Xobni
[2011.10.28 07:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xobni
[2011.10.28 07:15:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\.swt
[2011.10.28 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus
[2011.10.28 07:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2011.10.28 06:59:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F3575633-8DD9-4348-916D-5B3482681175}
[2011.10.27 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{6FD6A7DD-5259-4BF0-AF23-DBCB00E04707}
[2011.10.27 12:58:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{09129068-1134-4792-9F3C-58023379D0C1}
[2011.10.27 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
[2011.10.27 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D89968C7-3140-441C-8B8B-203D782A0130}
[2011.10.27 11:19:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.27 11:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.10.27 11:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\DVDVideoSoft
[2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.10.27 11:16:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\Selvet Flug
[2011.10.27 11:14:32 | 015,170,608 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe
[2011.10.27 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2760CDE1-FB61-47A2-AE78-734F51DAC536}
[2011.10.27 06:04:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2E44DEDA-D92F-415A-98DD-6CD6CBC5DDAC}
[2011.10.26 20:27:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EA2A46AA-3FB7-4F9B-84EB-C7275A37F38C}
[2011.10.26 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C06B7D0D-95E5-498E-ACB7-506CDC25782F}
[2011.10.25 11:22:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E23DF75B-9DFF-402F-84E7-1EEC76D62696}
[2011.10.25 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{202A9EB9-FE7F-4B3A-BA6B-2DB78E7FA395}
[2011.10.24 19:43:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1C729B81-E758-4886-B7D5-4E417D2B5D44}
[2011.10.24 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{30A6E201-5E3A-484D-AD64-815F3C6C42FD}
[2011.10.23 21:54:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D25F38E6-F59D-4D95-97A4-F6838E046152}
[2011.10.23 09:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B26C292-03E1-4A0F-B7C1-5B1F725C3034}
[2011.10.22 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{44CEFEDD-C867-4098-AA82-A0D96A222369}
[2011.10.22 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{466ECDB2-0337-4BA9-AEE4-5AE6DF687558}
[2011.10.22 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F45F6C93-B549-4E24-B7FE-FCBF4C9A35F1}
[2011.10.21 23:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{91F11EE3-6A28-4AE6-A5F8-6E028E1407ED}
[2011.10.21 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D421B81-AFDF-49B5-BBAE-A0A61B176243}
[2011.10.21 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EAEDD356-9884-45E8-BBFA-ED08A20B6EC5}
[2011.10.20 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{884FE75E-0B18-4C07-8782-F5AC6863A932}
[2011.10.20 12:06:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{87EAA8FD-A66E-4D1F-A62B-492CEDFA49A0}
[2011.10.20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{80FA91AE-F08C-4F06-A81D-768A7F572093}
[2011.10.20 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{998B36C3-FEA0-4209-AFCA-23A2FD1A3357}
[2011.10.19 20:33:55 | 000,000,000 | ---D | C] -- C:\Windows\wb
[2011.10.19 19:46:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\UNI
[2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.10.19 18:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.10.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011.10.19 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.10.19 18:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.10.19 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft Help
[2011.10.19 18:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.10.19 18:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.10.19 17:11:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
[2011.10.19 07:40:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{21C29734-A0A4-467B-A9AE-C0C9B4441DD8}
[2011.10.18 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BFEB0C49-8933-431A-867A-B2544BFE1135}
[2011.10.18 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{827E5185-0712-49D6-A935-22903F5AD69C}
[2011.10.18 05:30:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF97C8B2-D214-4FFB-86ED-184625212190}
[2011.10.17 08:48:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{567CA159-3852-4D37-B53F-ABA27A25D577}
[2011.10.17 07:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D27A87AC-6630-40C8-AE4B-9880FCA92A14}
[2011.10.16 09:01:22 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C92EB79D-98D3-48D5-AA98-CCA91D7284E8}
[2011.10.15 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CEF15B66-CCAC-4053-BCB4-331E7ECADAD3}
[2011.10.15 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60A918DC-9BF0-43E4-A59A-C5EC3216B1E9}
[2011.10.15 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira
[2011.10.15 19:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.15 19:19:41 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.15 19:19:41 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.15 19:19:41 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.15 18:54:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.10.15 10:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.10.15 10:14:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{3AF5ECFD-2D4B-4597-B001-F0764DE4A191}
[2011.10.15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{362ED212-F7C3-4F84-B7FD-EDEEBA17AADD}
[2011.10.14 09:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity
[2011.10.14 08:25:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Unity
[2011.10.14 07:46:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1E03E1D5-ACAE-4227-807F-07664997523F}
[2011.10.14 07:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F312D6B6-EEB9-4FB7-81B5-B88E555510A7}
[2011.10.13 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{18A8FD01-95BE-4E11-9CE5-0A790584EB50}
[2011.10.13 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BDACDA19-1E92-4F7B-932C-CD64F935C998}
[2011.10.12 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{65B02D19-078C-4B34-B9B1-64E8EA42860B}
[2011.10.12 21:37:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{673FAE5D-C497-4E7A-A661-5AE88A043993}
[2011.10.12 15:27:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.12 09:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CA498DBD-2467-492D-A98A-703282AC0246}
[2011.10.12 09:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{DA5C55B5-C3DB-4A9A-A738-7CDE8C1DCC9B}
[2011.10.11 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E1C9A678-A64B-46CC-A716-9BE2719D23B1}
[2011.10.10 22:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
[2011.10.10 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Diagnostics
[2011.10.10 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F0ACAE61-F711-41DB-B4E4-FE2D9A5662CB}
[2011.10.10 19:48:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D35B9951-7A5B-49B5-8FF4-AA12419D9ECE}
[2011.10.10 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.09 15:07:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.11.09 15:07:46 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.09 15:07:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.09 15:07:26 | 467,787,775 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.09 05:45:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.09 03:04:17 | 001,552,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.09 03:04:17 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.09 03:04:17 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.09 03:04:17 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.09 03:04:17 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.08 18:14:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe
[2011.11.07 09:50:02 | 000,002,246 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.11.06 20:27:35 | 000,001,257 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.11.06 19:47:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.28 10:56:42 | 000,000,466 | ---- | M] () -- C:\DATA (D) - Verknüpfung.lnk
[2011.10.28 07:14:51 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011.10.27 11:19:12 | 000,001,297 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk
[2011.10.27 11:19:12 | 000,001,241 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk
[2011.10.27 11:19:12 | 000,001,156 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk
[2011.10.27 11:14:36 | 015,170,608 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe
[2011.10.20 10:09:19 | 000,001,075 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk
[2011.10.20 10:00:23 | 000,414,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.19 19:46:05 | 000,001,351 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk
[2011.10.15 19:19:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.11.06 19:47:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.28 10:56:42 | 000,000,466 | ---- | C] () -- C:\DATA (D) - Verknüpfung.lnk
[2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011.10.27 11:19:12 | 000,001,297 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk
[2011.10.27 11:19:12 | 000,001,241 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk
[2011.10.27 11:19:12 | 000,001,156 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk
[2011.10.20 10:08:23 | 000,001,075 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk
[2011.10.19 19:46:05 | 000,001,351 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk
[2011.10.15 19:19:51 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.11 19:17:34 | 000,001,432 | ---- | C] () -- C:\Windows\cxqrf32.ini
[2011.08.30 15:38:52 | 008,618,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.16 18:07:02 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.07.16 18:07:00 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.07.16 18:06:59 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.07.16 18:00:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.04.20 09:18:54 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.20 09:18:46 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.20 09:18:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
 
========== LOP Check ==========
 
[2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage
[2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus
[2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
[2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
[2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance
[2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre
[2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client
[2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP
[2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity
[2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon
[2011.10.16 09:00:49 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Adobe
[2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage
[2011.10.15 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira
[2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus
[2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
[2011.10.19 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\CyberLink
[2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
[2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 18:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\FLEXnet
[2011.08.26 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Identities
[2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia
[2011.11.06 19:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Media Center Programs
[2011.11.06 19:25:07 | 000,000,000 | --SD | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft
[2011.09.04 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Mozilla
[2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance
[2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre
[2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client
[2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP
[2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity
[2011.09.14 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\WinRAR
[2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.10.28 07:15:50 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.10.12 15:26:58 | 008,107,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys
[2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

10.11.2011, 09:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Bundespolizei ucash Virus


Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
__________________
Please always post log files in CODE tags

10.11.2011, 22:09   #9
Ahmet

Bundespolizei ucash Virus

Here is the log:

But I didn't quite understand the lower part of your last post, or does that no longer matter?


22:01:04.0313 3648 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26
22:01:04.0727 3648 ============================================================
22:01:04.0728 3648 Current date / time: 2011/11/10 22:01:04.0727
22:01:04.0728 3648 SystemInfo:
22:01:04.0728 3648
22:01:04.0728 3648 OS Version: 6.1.7601 ServicePack: 1.0
22:01:04.0728 3648 Product type: Workstation
22:01:04.0728 3648 ComputerName: ASUSAHMET
22:01:04.0728 3648 UserName: Ahmet Kocagenis
22:01:04.0728 3648 Windows directory: C:\Windows
22:01:04.0728 3648 System windows directory: C:\Windows
22:01:04.0729 3648 Running under WOW64
22:01:04.0729 3648 Processor architecture: Intel x64
22:01:04.0729 3648 Number of processors: 8
22:01:04.0729 3648 Page size: 0x1000
22:01:04.0729 3648 Boot type: Normal boot
22:01:04.0729 3648 ============================================================
22:01:05.0274 3648 Initialize success
22:01:50.0828 3204 ============================================================
22:01:50.0828 3204 Scan started
22:01:50.0828 3204 Mode: Manual; SigCheck; TDLFS;
22:01:50.0828 3204 ============================================================
22:01:51.0387 3204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:01:51.0640 3204 1394ohci - ok
22:01:51.0701 3204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:01:51.0740 3204 ACPI - ok
22:01:51.0754 3204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:01:51.0876 3204 AcpiPmi - ok
22:01:51.0952 3204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:01:52.0021 3204 adp94xx - ok
22:01:52.0059 3204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:01:52.0108 3204 adpahci - ok
22:01:52.0124 3204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:01:52.0164 3204 adpu320 - ok
22:01:52.0251 3204 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:01:52.0341 3204 AFD - ok
22:01:52.0404 3204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:01:52.0436 3204 agp440 - ok
22:01:52.0486 3204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:01:52.0513 3204 aliide - ok
22:01:52.0526 3204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:01:52.0553 3204 amdide - ok
22:01:52.0567 3204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:01:52.0652 3204 AmdK8 - ok
22:01:52.0668 3204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:01:52.0746 3204 AmdPPM - ok
22:01:52.0813 3204 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:01:52.0848 3204 amdsata - ok
22:01:52.0864 3204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:01:52.0903 3204 amdsbs - ok
22:01:52.0932 3204 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:01:52.0962 3204 amdxata - ok
22:01:53.0061 3204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:01:53.0309 3204 AppID - ok
22:01:53.0348 3204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:01:53.0385 3204 arc - ok
22:01:53.0401 3204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:01:53.0437 3204 arcsas - ok
22:01:53.0533 3204 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:01:53.0635 3204 ASMMAP64 - ok
22:01:53.0754 3204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:01:53.0998 3204 AsyncMac - ok
22:01:54.0062 3204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:01:54.0092 3204 atapi - ok
22:01:54.0189 3204 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
22:01:54.0376 3204 athr - ok
22:01:54.0528 3204 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:01:54.0551 3204 ATKWMIACPIIO - ok
22:01:54.0733 3204 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:01:54.0764 3204 avgntflt - ok
22:01:54.0858 3204 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
22:01:54.0889 3204 avipbb - ok
22:01:54.0936 3204 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:01:54.0951 3204 avkmgr - ok
22:01:55.0045 3204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:01:55.0184 3204 b06bdrv - ok
22:01:55.0268 3204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:01:55.0360 3204 b57nd60a - ok
22:01:55.0416 3204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:01:55.0508 3204 Beep - ok
22:01:55.0602 3204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:01:55.0669 3204 blbdrive - ok
22:01:55.0733 3204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:01:55.0811 3204 bowser - ok
22:01:55.0873 3204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:01:55.0983 3204 BrFiltLo - ok
22:01:55.0998 3204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:01:56.0061 3204 BrFiltUp - ok
22:01:56.0107 3204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:01:56.0201 3204 Brserid - ok
22:01:56.0263 3204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:01:56.0341 3204 BrSerWdm - ok
22:01:56.0388 3204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:01:56.0466 3204 BrUsbMdm - ok
22:01:56.0513 3204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:01:56.0591 3204 BrUsbSer - ok
22:01:56.0685 3204 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
22:01:56.0778 3204 BthEnum - ok
22:01:56.0825 3204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:01:56.0887 3204 BTHMODEM - ok
22:01:56.0950 3204 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:01:57.0075 3204 BthPan - ok
22:01:57.0153 3204 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
22:01:57.0277 3204 BTHPORT - ok
22:01:57.0340 3204 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
22:01:57.0418 3204 BTHUSB - ok
22:01:57.0496 3204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:01:57.0605 3204 cdfs - ok
22:01:57.0667 3204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:01:57.0730 3204 cdrom - ok
22:01:57.0777 3204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:01:57.0839 3204 circlass - ok
22:01:57.0886 3204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:01:57.0933 3204 CLFS - ok
22:01:58.0120 3204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:01:58.0213 3204 CmBatt - ok
22:01:58.0276 3204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:01:58.0307 3204 cmdide - ok
22:01:58.0401 3204 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:01:58.0479 3204 CNG - ok
22:01:58.0572 3204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:01:58.0603 3204 Compbatt - ok
22:01:58.0713 3204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:01:58.0822 3204 CompositeBus - ok
22:01:59.0134 3204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:01:59.0165 3204 crcdisk - ok
22:01:59.0493 3204 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:01:59.0633 3204 DfsC - ok
22:01:59.0805 3204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:01:59.0961 3204 discache - ok
22:02:00.0241 3204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:02:00.0273 3204 Disk - ok
22:02:00.0475 3204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:02:00.0647 3204 drmkaud - ok
22:02:01.0115 3204 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:02:01.0193 3204 DXGKrnl - ok
22:02:01.0645 3204 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:02:01.0833 3204 ebdrv - ok
22:02:02.0207 3204 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:02:02.0254 3204 elxstor - ok
22:02:02.0285 3204 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:02:02.0363 3204 ErrDev - ok
22:02:02.0472 3204 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
22:02:02.0519 3204 ETD - ok
22:02:02.0628 3204 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:02:02.0769 3204 exfat - ok
22:02:03.0003 3204 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:02:03.0159 3204 fastfat - ok
22:02:03.0455 3204 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:02:03.0517 3204 fdc - ok
22:02:03.0564 3204 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:02:03.0595 3204 FileInfo - ok
22:02:03.0627 3204 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:02:04.0126 3204 Filetrace - ok
22:02:04.0157 3204 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:02:04.0625 3204 flpydisk - ok
22:02:04.0641 3204 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:02:04.0687 3204 FltMgr - ok
22:02:04.0719 3204 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:02:04.0750 3204 FsDepends - ok
22:02:04.0797 3204 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
22:02:04.0828 3204 fssfltr - ok
22:02:04.0859 3204 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:02:04.0890 3204 Fs_Rec - ok
22:02:04.0921 3204 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:02:04.0953 3204 fvevol - ok
22:02:04.0999 3204 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:02:05.0031 3204 gagp30kx - ok
22:02:05.0093 3204 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:02:05.0124 3204 hcw85cir - ok
22:02:05.0155 3204 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:02:05.0233 3204 HdAudAddService - ok
22:02:05.0265 3204 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:02:05.0327 3204 HDAudBus - ok
22:02:05.0327 3204 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:02:05.0389 3204 HidBatt - ok
22:02:05.0421 3204 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:02:05.0467 3204 HidBth - ok
22:02:05.0499 3204 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:02:05.0577 3204 HidIr - ok
22:02:05.0608 3204 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:02:05.0655 3204 HidUsb - ok
22:02:05.0717 3204 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:02:05.0748 3204 HpSAMD - ok
22:02:05.0795 3204 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:02:05.0935 3204 HTTP - ok
22:02:05.0958 3204 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:02:05.0989 3204 hwpolicy - ok
22:02:06.0005 3204 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:02:06.0036 3204 i8042prt - ok
22:02:06.0105 3204 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
22:02:06.0140 3204 iaStor - ok
22:02:06.0200 3204 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:02:06.0259 3204 iaStorV - ok
22:02:06.0659 3204 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:02:07.0340 3204 igfx - ok
22:02:07.0465 3204 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:02:07.0496 3204 iirsp - ok
22:02:07.0636 3204 IntcAzAudAddService (c15a21b1e2291952424f361093734f95) C:\Windows\system32\drivers\RTKVHD64.sys
22:02:07.0886 3204 IntcAzAudAddService - ok
22:02:08.0026 3204 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:02:08.0089 3204 IntcDAud - ok
22:02:08.0136 3204 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:02:08.0167 3204 intelide - ok
22:02:08.0198 3204 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:02:08.0245 3204 intelppm - ok
22:02:08.0292 3204 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:02:08.0385 3204 IpFilterDriver - ok
22:02:08.0416 3204 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:02:08.0479 3204 IPMIDRV - ok
22:02:08.0494 3204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:02:08.0604 3204 IPNAT - ok
22:02:08.0635 3204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:02:08.0713 3204 IRENUM - ok
22:02:08.0760 3204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:02:08.0791 3204 isapnp - ok
22:02:08.0806 3204 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:02:08.0869 3204 iScsiPrt - ok
22:02:29.0194 3204 ============================================================
22:02:29.0194 3204 Scan finished
22:02:29.0194 3204 ============================================================
22:02:29.0225 2772 Detected object count: 0
22:02:29.0225 2772 Actual detected object count: 0
22:05:59.0442 0456 Deinitialize success

10.11.2011, 22:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

11.11.2011, 00:07   #11
Ahmet

Here is the log

Combofix Logfile:
Code:
ComboFix 11-11-10.03 - Ahmet Kocagenis 10.11.2011  22:32:19.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6056.4331 [GMT 1:00]
ausgeführt von:: c:\users\Ahmet Kocagenis\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-10 bis 2011-11-10  ))))))))))))))))))))))))))))))
.
.
2011-11-09 16:05 . 2011-11-09 16:05	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\offreg.dll
2011-11-08 17:14 . 2011-11-08 17:14	--------	d-----w-	c:\program files (x86)\ESET
2011-11-08 15:56 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\mpengine.dll
2011-11-07 22:07 . 2011-11-07 22:07	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-06 18:48 . 2011-11-06 18:48	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 18:47 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-06 18:38 . 2011-11-06 18:38	--------	d-----w-	c:\windows\Sun
2011-10-29 19:51 . 2011-10-29 19:51	--------	d-----w-	c:\programdata\RELOADED
2011-10-29 19:49 . 2007-07-19 22:57	411496	----a-w-	c:\windows\system32\xactengine2_9.dll
2011-10-29 08:33 . 2011-10-29 08:33	--------	d-----w-	c:\programdata\EA Core
2011-10-29 08:33 . 2011-10-29 08:33	--------	d-----w-	c:\programdata\Electronic Arts
2011-10-28 06:16 . 2011-10-28 06:16	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Xobni
2011-10-28 06:16 . 2011-10-28 06:16	--------	d-----w-	c:\program files (x86)\Xobni
2011-10-28 06:15 . 2011-10-28 06:15	--------	d-----w-	c:\users\Ahmet Kocagenis\.swt
2011-10-28 06:14 . 2011-11-04 06:15	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Azureus
2011-10-28 06:14 . 2011-10-28 06:14	--------	d-----w-	c:\program files (x86)\Vuze
2011-10-27 10:32 . 2011-10-27 10:32	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
2011-10-27 10:19 . 2011-10-27 10:19	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2011-10-27 10:18 . 2011-10-27 10:19	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-19 19:33 . 2011-10-19 19:33	--------	d-----w-	c:\windows\wb
2011-10-19 17:19 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2011-10-19 17:19 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft Sync Framework
2011-10-19 17:16 . 2011-10-19 17:16	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2011-10-19 17:15 . 2011-10-19 17:15	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2011-10-19 17:15 . 2011-10-19 17:15	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Microsoft Help
2011-10-19 17:15 . 2011-11-07 22:08	--------	d-----w-	c:\programdata\Microsoft Help
2011-10-19 16:11 . 2011-10-19 18:45	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
2011-10-15 18:20 . 2011-10-15 18:20	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Avira
2011-10-15 18:19 . 2011-10-11 13:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-15 18:19 . 2011-10-11 13:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-15 18:19 . 2011-10-11 13:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-15 18:19 . 2011-10-15 18:19	--------	d-----w-	c:\programdata\Avira
2011-10-15 18:19 . 2011-10-15 18:19	--------	d-----w-	c:\program files (x86)\Avira
2011-10-15 17:54 . 2011-10-15 17:54	--------	d-----w-	C:\found.000
2011-10-15 09:16 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-10-14 08:26 . 2011-10-14 08:26	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Unity
2011-10-14 07:25 . 2011-10-14 07:25	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Unity
2011-10-14 06:53 . 2011-09-06 03:03	3138048	----a-w-	c:\windows\system32\win32k.sys
2011-10-14 06:53 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-14 06:53 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-14 06:53 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-14 06:53 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-14 06:53 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-14 06:53 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 14:27 . 2011-10-12 14:27	--------	d-----w-	c:\windows\system32\Macromed
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 16:03 . 2011-08-26 17:22	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-09-12 19:52 . 2010-06-24 18:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-29 06:34 . 2011-08-29 06:34	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/16 10:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wolf;wolf;c:\games\WolfTeamTS\wolf64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74159840
*Deregistered* - 74159840
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.goggle.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ahmet Kocagenis\AppData\Roaming\Mozilla\Firefox\Profiles\cdkomaxt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\06\0e5`"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-10  23:51:41
ComboFix-quarantined-files.txt  2011-11-10 22:51
.
Vor Suchlauf: 12 Verzeichnis(se), 196.710.273.024 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 197.037.056.000 Bytes frei
.
- - End Of File - - 6E57C9B7E804EDDC3C7C8B690CE0EBE6
         
--- --- ---

11.11.2011, 13:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Dirlook::
c:\programdata\RELOADED

Folder::
C:\found.000

File::
c:\windows\system32\acovcnt.exe
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

11.11.2011, 20:41   #13
Ahmet



Combofix Logfile:
Code:
ComboFix 11-11-10.03 - Ahmet Kocagenis 10.11.2011  22:32:19.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6056.4331 [GMT 1:00]
ausgeführt von:: c:\users\Ahmet Kocagenis\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-10 bis 2011-11-10  ))))))))))))))))))))))))))))))
.
.
2011-11-09 16:05 . 2011-11-09 16:05	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\offreg.dll
2011-11-08 17:14 . 2011-11-08 17:14	--------	d-----w-	c:\program files (x86)\ESET
2011-11-08 15:56 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\mpengine.dll
2011-11-07 22:07 . 2011-11-07 22:07	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-06 18:48 . 2011-11-06 18:48	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 18:47 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-06 18:38 . 2011-11-06 18:38	--------	d-----w-	c:\windows\Sun
2011-10-29 19:51 . 2011-10-29 19:51	--------	d-----w-	c:\programdata\RELOADED
2011-10-29 19:49 . 2007-07-19 22:57	411496	----a-w-	c:\windows\system32\xactengine2_9.dll
2011-10-29 08:33 . 2011-10-29 08:33	--------	d-----w-	c:\programdata\EA Core
2011-10-29 08:33 . 2011-10-29 08:33	--------	d-----w-	c:\programdata\Electronic Arts
2011-10-28 06:16 . 2011-10-28 06:16	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Xobni
2011-10-28 06:16 . 2011-10-28 06:16	--------	d-----w-	c:\program files (x86)\Xobni
2011-10-28 06:15 . 2011-10-28 06:15	--------	d-----w-	c:\users\Ahmet Kocagenis\.swt
2011-10-28 06:14 . 2011-11-04 06:15	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Azureus
2011-10-28 06:14 . 2011-10-28 06:14	--------	d-----w-	c:\program files (x86)\Vuze
2011-10-27 10:32 . 2011-10-27 10:32	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
2011-10-27 10:19 . 2011-10-27 10:19	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2011-10-27 10:18 . 2011-10-27 10:19	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-19 19:33 . 2011-10-19 19:33	--------	d-----w-	c:\windows\wb
2011-10-19 17:19 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2011-10-19 17:19 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft Sync Framework
2011-10-19 17:16 . 2011-10-19 17:16	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2011-10-19 17:15 . 2011-10-19 17:15	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2011-10-19 17:15 . 2011-10-19 17:15	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Microsoft Help
2011-10-19 17:15 . 2011-11-07 22:08	--------	d-----w-	c:\programdata\Microsoft Help
2011-10-19 16:11 . 2011-10-19 18:45	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
2011-10-15 18:20 . 2011-10-15 18:20	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Avira
2011-10-15 18:19 . 2011-10-11 13:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-15 18:19 . 2011-10-11 13:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-15 18:19 . 2011-10-11 13:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-15 18:19 . 2011-10-15 18:19	--------	d-----w-	c:\programdata\Avira
2011-10-15 18:19 . 2011-10-15 18:19	--------	d-----w-	c:\program files (x86)\Avira
2011-10-15 17:54 . 2011-10-15 17:54	--------	d-----w-	C:\found.000
2011-10-15 09:16 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-10-14 08:26 . 2011-10-14 08:26	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Unity
2011-10-14 07:25 . 2011-10-14 07:25	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Unity
2011-10-14 06:53 . 2011-09-06 03:03	3138048	----a-w-	c:\windows\system32\win32k.sys
2011-10-14 06:53 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-14 06:53 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-14 06:53 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-14 06:53 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-14 06:53 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-14 06:53 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 14:27 . 2011-10-12 14:27	--------	d-----w-	c:\windows\system32\Macromed
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 16:03 . 2011-08-26 17:22	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-09-12 19:52 . 2010-06-24 18:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-29 06:34 . 2011-08-29 06:34	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/16 10:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wolf;wolf;c:\games\WolfTeamTS\wolf64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74159840
*Deregistered* - 74159840
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.goggle.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ahmet Kocagenis\AppData\Roaming\Mozilla\Firefox\Profiles\cdkomaxt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\06\0e5`"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-10  23:51:41
ComboFix-quarantined-files.txt  2011-11-10 22:51
.
Vor Suchlauf: 12 Verzeichnis(se), 196.710.273.024 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 197.037.056.000 Bytes frei
.
- - End Of File - - 6E57C9B7E804EDDC3C7C8B690CE0EBE6

Alt 11.11.2011, 20:44   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
__________________
Please always post log files in CODE tags

Alt 13.11.2011, 12:14   #15
Ahmet
 



So here is the ComboFix log again, with the Notepad. The post, or rather the log, before this was the normal ComboFix one; I posted it by accident, sorry!


Combofix Logfile:
Code:
ComboFix 11-11-10.03 - Ahmet Kocagenis 13.11.2011  10:44:51.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6056.4151 [GMT 1:00]
ausgeführt von:: c:\users\Ahmet Kocagenis\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Ahmet Kocagenis\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\dir0000.chk\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
c:\found.000\dir0000.chk\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
c:\found.000\dir0001.chk\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
c:\found.000\dir0001.chk\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
c:\found.000\dir0002.chk\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
c:\found.000\dir0002.chk\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
c:\found.000\dir0003.chk\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
c:\found.000\dir0003.chk\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
c:\found.000\dir0004.chk\System.Data.ni.dll
c:\found.000\dir0006.chk\PresentationCFFRasterizer.ni.dll
c:\found.000\dir0007.chk\ComSvcConfig.ni.exe
c:\found.000\file0000.chk
c:\found.000\file0001.chk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-13 bis 2011-11-13  ))))))))))))))))))))))))))))))
.
.
2011-11-13 11:01 . 2011-11-13 11:01	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-11-13 11:01 . 2011-11-13 11:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-12 20:28 . 2011-11-12 20:28	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD5A8C3F-00C5-4976-9A05-12AFEB45EC40}\offreg.dll
2011-11-12 00:37 . 2011-11-12 00:37	--------	d-----w-	C:\Xobni
2011-11-11 08:31 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD5A8C3F-00C5-4976-9A05-12AFEB45EC40}\mpengine.dll
2011-11-09 20:53 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 20:53 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 20:53 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:53 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 17:14 . 2011-11-08 17:14	--------	d-----w-	c:\program files (x86)\ESET
2011-11-07 22:07 . 2011-11-07 22:07	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-06 18:48 . 2011-11-06 18:48	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 18:47 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-06 18:38 . 2011-11-06 18:38	--------	d-----w-	c:\windows\Sun
2011-10-29 19:51 . 2011-10-29 19:51	--------	d-----w-	c:\programdata\RELOADED
2011-10-29 19:49 . 2007-07-19 22:57	411496	----a-w-	c:\windows\system32\xactengine2_9.dll
2011-10-29 08:33 . 2011-10-29 08:33	--------	d-----w-	c:\programdata\EA Core
2011-10-29 08:33 . 2011-10-29 08:33	--------	d-----w-	c:\programdata\Electronic Arts
2011-10-28 06:16 . 2011-10-28 06:16	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Xobni
2011-10-28 06:16 . 2011-10-28 06:16	--------	d-----w-	c:\program files (x86)\Xobni
2011-10-28 06:15 . 2011-10-28 06:15	--------	d-----w-	c:\users\Ahmet Kocagenis\.swt
2011-10-28 06:14 . 2011-11-04 06:15	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Azureus
2011-10-28 06:14 . 2011-10-28 06:14	--------	d-----w-	c:\program files (x86)\Vuze
2011-10-27 10:32 . 2011-10-27 10:32	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
2011-10-27 10:19 . 2011-10-27 10:19	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2011-10-27 10:18 . 2011-10-27 10:19	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-19 19:33 . 2011-10-19 19:33	--------	d-----w-	c:\windows\wb
2011-10-19 17:19 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2011-10-19 17:19 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft Sync Framework
2011-10-19 17:16 . 2011-10-19 17:16	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2011-10-19 17:15 . 2011-10-19 17:15	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2011-10-19 17:15 . 2011-10-19 17:15	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Local\Microsoft Help
2011-10-19 17:15 . 2011-11-10 23:24	--------	d-----w-	c:\programdata\Microsoft Help
2011-10-19 16:11 . 2011-10-19 18:45	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
2011-10-16 17:55 . 2011-10-16 17:55	18139008	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-15 18:20 . 2011-10-15 18:20	--------	d-----w-	c:\users\Ahmet Kocagenis\AppData\Roaming\Avira
2011-10-15 18:19 . 2011-10-11 13:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-15 18:19 . 2011-10-11 13:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-15 18:19 . 2011-10-11 13:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-15 18:19 . 2011-10-15 18:19	--------	d-----w-	c:\programdata\Avira
2011-10-15 18:19 . 2011-10-15 18:19	--------	d-----w-	c:\program files (x86)\Avira
2011-10-15 09:16 . 2011-10-19 17:19	--------	d-----w-	c:\program files (x86)\Microsoft.NET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 20:25 . 2011-08-26 17:22	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-09-12 19:52 . 2010-06-24 18:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-29 06:34 . 2011-08-29 06:34	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-08-27 05:37 . 2011-10-14 06:53	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-14 06:53	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-14 06:53	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-14 06:53	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-08-17 05:26 . 2011-10-14 06:53	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-14 06:53	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-14 06:53	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-14 06:53	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\RELOADED ----
.
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-10_22.46.50   )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-09 15:24 . 2011-11-09 15:24	13396              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-11-12 16:59 . 2011-11-12 16:59	13396              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-02-18 20:13 . 2011-11-12 20:27	49688              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-12 20:27	39326              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2011-11-12 08:16	91888              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-11-09 02:04 . 2011-11-09 02:04	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-11-09 02:04 . 2011-11-09 02:04	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-19 17:21 . 2011-10-19 20:55	34144              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	34144              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	42848              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	42848              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	19296              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	19296              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-20 14:08 . 2010-10-20 14:08	40808              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\RECALL.DLL
+ 2011-01-12 16:59 . 2011-01-12 16:59	43352              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLRPC.DLL
+ 2010-10-22 13:05 . 2010-10-22 13:05	28000              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLACCT.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08	87920              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\DLGSETP.DLL
- 2011-09-04 09:21 . 2011-10-29 18:13	7264              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-04 09:21 . 2011-11-12 16:59	7264              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-26 17:23 . 2011-11-12 20:27	7468              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-233786055-1952707722-1195120785-1001_UserData.bin
- 2011-11-09 16:03 . 2011-11-09 16:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-12 20:25 . 2011-11-12 20:25	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-12 20:25 . 2011-11-12 20:25	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-09 16:03 . 2011-11-09 16:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-26 17:59 . 2011-11-13 09:36	239366              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-11-09 02:04	627864              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-12 16:58	627864              c:\windows\system32\perfh009.dat
- 2011-02-19 04:24 . 2011-11-09 02:04	666022              c:\windows\system32\perfh007.dat
+ 2011-02-19 04:24 . 2011-11-12 16:58	666022              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-11-12 16:58	110326              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-09 02:04	110326              c:\windows\system32\perfc009.dat
+ 2011-02-19 04:24 . 2011-11-12 16:58	133944              c:\windows\system32\perfc007.dat
- 2011-02-19 04:24 . 2011-11-09 02:04	133944              c:\windows\system32\perfc007.dat
- 2009-07-14 04:45 . 2011-10-20 09:00	414944              c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-11-11 08:25	414944              c:\windows\system32\FNTCACHE.DAT
+ 2011-07-16 17:08 . 2011-11-12 16:59	614264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-16 17:08 . 2011-11-09 15:24	614264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-11-09 15:24	385004              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-12 16:59	385004              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-12 20:12 . 2011-11-12 00:37	844540              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-233786055-1952707722-1195120785-1001-12288.dat
- 2011-09-12 20:12 . 2011-11-09 15:24	844540              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-233786055-1952707722-1195120785-1001-12288.dat
+ 2011-11-12 16:58 . 2011-11-12 16:58	350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	607064              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	607064              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	288616              c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	288616              c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	335712              c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	335712              c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	125440              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	125440              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	237424              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	237424              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	187776              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	187776              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-10-26 22:23 . 2011-10-26 22:23	925696              c:\windows\Installer\6aff1d2.msp
+ 2011-10-26 21:51 . 2011-10-26 21:51	592896              c:\windows\Installer\6aff1a7.msp
+ 2011-10-26 21:50 . 2011-10-26 21:50	599040              c:\windows\Installer\6aff176.msp
- 2011-10-19 17:30 . 2011-10-19 17:30	571232              c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-11-10 23:23 . 2011-11-10 23:23	571232              c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-11-10 23:23 . 2011-11-10 23:23	571232              c:\windows\Installer\{90140000-006E-0407-0000-0000000FF1CE}\misc.exe
- 2011-11-07 22:07 . 2011-11-07 22:07	571232              c:\windows\Installer\{90140000-006E-0407-0000-0000000FF1CE}\misc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	415584              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	415584              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	303456              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	303456              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	571232              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	571232              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	326496              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	326496              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	469856              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	469856              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	178528              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	178528              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-10-20 13:11 . 2010-10-20 13:11	105344              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\TRANSMGR.DLL
+ 2011-03-31 13:08 . 2011-03-31 13:08	347568              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\SCNPST64.DLL
+ 2011-03-31 13:08 . 2011-03-31 13:08	336808              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\SCNPST32.DLL
+ 2010-10-22 13:05 . 2010-10-22 13:05	423280              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\RTFHTML.DLL
+ 2011-03-17 08:34 . 2011-03-17 08:34	309096              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\PSTPRX32.DLL
+ 2011-03-18 21:08 . 2011-03-18 21:08	329616              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLPH.DLL
+ 2011-03-17 08:34 . 2011-03-17 08:34	523656              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLMIME.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08	122720              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLCTL.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08	616312              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONWORDADDIN.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08	561024              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONPPTADDIN.DLL
+ 2011-03-11 15:52 . 2011-03-11 15:52	140656              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONENOTEMANAGED.DLL
+ 2010-12-20 23:07 . 2010-12-20 23:07	227712              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONENOTEM.EXE
+ 2010-12-21 01:08 . 2010-12-21 01:08	533368              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONBTTNWD.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08	533376              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONBTTNPPT.DLL
+ 2010-12-27 22:52 . 2010-12-27 22:52	698240              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONBTTNOL.DLL
+ 2010-12-27 22:52 . 2010-12-27 22:52	233360              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OMSXP32.DLL
+ 2010-12-27 22:52 . 2010-12-27 22:52	724864              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OMSMAIN.DLL
+ 2010-12-20 22:59 . 2010-12-20 22:59	360824              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MSOUC.EXE
+ 2010-12-20 22:59 . 2010-12-20 22:59	718720              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MSOSYNC.EXE
+ 2010-10-20 14:08 . 2010-10-20 14:08	358752              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MIMEDIR.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08	273824              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MAPIPH.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08	135528              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\IMPMAIL.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08	577960              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\IECONTENTSERVICE.EXE
+ 2011-03-17 08:34 . 2011-03-17 08:34	155008              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ENVELOPE.DLL
+ 2010-10-22 13:05 . 2010-10-22 13:05	135032              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\CONTAB32.DLL
+ 2009-07-14 04:45 . 2011-11-11 23:09	7111262              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-29 15:10	7111262              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-11-09 02:04 . 2011-11-09 02:04	1368920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	1368920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	3510600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	3510600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	4982120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	4982120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	6097256              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	6097256              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	6428520              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	6428520              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	3116376              c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	3116376              c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	3824480              c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	3824480              c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	4967248              c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	4967248              c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	3563408              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	3563408              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	3788128              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	3788128              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	5197648              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	5197648              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58	2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-11-09 02:04 . 2011-11-09 02:04	2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-22 14:21 . 2011-10-22 14:21	3463168              c:\windows\Installer\6aff22f.msp
+ 2011-10-26 21:45 . 2011-10-26 21:45	9177600              c:\windows\Installer\6aff20e.msp
+ 2011-10-26 22:19 . 2011-10-26 22:19	1051648              c:\windows\Installer\6aff1f4.msp
+ 2011-10-26 22:23 . 2011-10-26 22:23	8821760              c:\windows\Installer\6aff1ea.msp
+ 2011-10-19 17:21 . 2011-11-10 23:24	1479520              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	1479520              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	1858400              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	1858400              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	3792736              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	3792736              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-19 17:21 . 2011-10-19 20:55	1449312              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24	1449312              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-03-18 20:59 . 2011-03-18 20:59	9221992              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONMAIN.DLL
+ 2011-03-02 18:21 . 2011-03-02 18:21	1683808              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONENOTE.EXE
+ 2011-03-18 21:08 . 2011-03-18 21:08	3250560              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OLMAPI32.DLL
+ 2009-07-14 02:34 . 2011-11-11 21:53	10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-10-14 16:50	10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-10-23 16:10 . 2011-11-10 23:13	52174280              c:\windows\system32\MRT.exe
+ 2011-08-26 18:29 . 2011-11-12 16:59	17398104              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-233786055-1952707722-1195120785-1001-8192.dat
+ 2011-10-26 21:51 . 2011-10-26 21:51	16885760              c:\windows\Installer\6aff195.msp
+ 2011-10-26 21:46 . 2011-10-26 21:46	11580928              c:\windows\Installer\6aff16d.msp
+ 2011-10-22 14:21 . 2011-10-22 14:21	21515264              c:\windows\Installer\6aff155.msp
+ 2011-03-31 13:08 . 2011-03-31 13:08	15933792              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLOOK.EXE
+ 2011-04-06 18:53 . 2011-04-06 18:53	72521600              c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MSORES.DLL
- 2011-11-09 02:05 . 2011-11-09 02:05	13102080              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7fd5ea24b7142d03585913c69b9a964f\System.Windows.Forms.ni.dll
+ 2011-11-12 16:59 . 2011-11-12 16:59	13102080              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7fd5ea24b7142d03585913c69b9a964f\System.Windows.Forms.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/16 10:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wolf;wolf;c:\games\WolfTeamTS\wolf64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.goggle.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ahmet Kocagenis\AppData\Roaming\Mozilla\Firefox\Profiles\cdkomaxt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\06\0e5`"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-13  12:06:30
ComboFix-quarantined-files.txt  2011-11-13 11:06
ComboFix2.txt  2011-11-10 22:51
.
Vor Suchlauf: 20 Verzeichnis(se), 194.485.280.768 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 194.518.794.240 Bytes frei
.
- - End Of File - - B1F8DB8928346C9D5D78898B1C613F34
         