Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Data Recovery - Bin ich jetzt clean? (https://www.trojaner-board.de/106173-data-recovery-clean.html)

johndoe23 13.12.2011 12:34
Data Recovery - Bin ich jetzt clean?
 
Mich hat der Data Recovery Virus heimgesucht. Beim Surfen gingen plötzlich beide Browser aus (IE und FF liefen parallel) und Antivir gab mir eine Meldung, die ich leider nicht mehr auf dem Schirm habe. Dann kamen die in diesem Artikel genannte Fehlermeldungen:
http://www.trojaner-board.de/103458-...entfernen.html
Jetzt würde ich natürlich gerne wissen, ob ich clean bin, oder ob mir da bei Passworteingabe etc. Angst und Bange sein muss.

Ich habe rkill ausgeführt, Malwarebytes durchlaufen lassen, nun auch OTL und ESET online scan sowie den TDSSKiller (found, neutralized, quarantined: 0 threats )

Malwarebytes hab ich öfters durchlaufen lassen, da hab ich jetzt insgesamt 4 log-files (siehe Anhang).

OTL und Extras auch im Anhang.

ESET hier:
C:\ProgramData\Aumy5Ew17GFLs3.exe a variant of Win32/Kryptik.XDZ trojan cleaned by deleting - quarantined
C:\Users\Gökhan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\54deb0af-460ff5d7 Java/TrojanDownloader.OpenConnection.AP trojan cleaned by deleting - quarantined
C:\Users\Gökhan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3064c545-3891daee Java/TrojanDownloader.OpenConnection.AP trojan cleaned by deleting - quarantined


Vielen Dank allein schon fürs Klicken in den Thread.

cosinus 13.12.2011 13:11
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

johndoe23 13.12.2011 14:27
Danke für die schnelle Antwort. Malwarebytes aktualisiert und gerade fleissig am scannen :)

sinnfreien Fullquote entfernt //cosinus

johndoe23 13.12.2011 14:43
Hier nun der Loginhalt des Vollscans:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8365

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

13.12.2011 14:36:39
mbam-log-2011-12-13 (14-36-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 403995
Laufzeit: 34 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 13.12.2011 15:26
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


johndoe23 13.12.2011 17:30
Der einzige Inhalt ist dieser (erscheint mir irgendwie falsch!?). Er hatte insgesamt drei Infizierungen gefunden: 2 mal etwas mit Java und eine andere Geschichte. Ich Nase habs jetzt einfach gefinished, weil ich dachte, es würde alles im Log aufgeführt sein.

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

cosinus 13.12.2011 20:15
Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

johndoe23 13.12.2011 20:49
Zitat:
Zitat von cosinus (Beitrag 733632)
Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Ah, total verschnarcht. Sorry!! Bin erst morgen wieder am befallenen Rechner.
Danke für die Mühe. Weiß ich zu schätzen.

johndoe23 14.12.2011 14:38
Soo, habs jetzt als Admin ausgeführt. Hier der Inhalt des log:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=73a77c53f7532e409029a3fd3ea58d40
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-14 01:02:17
# local_time=2011-12-14 02:02:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 8372 60389487 1168 0
# compatibility_mode=3588 16777214 85 79 2916846 27750430 0 0
# compatibility_mode=5893 16776573 100 94 8386 75487474 0 0
# compatibility_mode=8192 67108863 100 0 88646 88646 0 0
# scanned=213805
# found=3
# cleaned=0
# scan_time=10113
C:\Users\Gökhan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\46d67699-2068f788        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Gökhan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\219a4561-63b1c53f        a variant of Java/Agent.DP trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Gökhan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\482aa863-799a774a        a variant of Java/Agent.DP trojan (unable to clean)        00000000000000000000000000000000        I

cosinus 14.12.2011 16:35
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

johndoe23 14.12.2011 17:25
OTL Logfile:
Code:
OTL logfile created on: 14.12.2011 17:13:21 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Gökhan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 73,76% Memory free
7,83 Gb Paging File | 5,74 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,27 Gb Total Space | 353,72 Gb Free Space | 79,62% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHAN-PC | User Name: Gökhan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gökhan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (03939979) -- C:\Windows\SysNative\drivers\03939979.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys (Symantec Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys (Symantec Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110103.001\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110103.001\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "google.de"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.12.12 21:54:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.28 08:23:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_3_6 [2011.12.14 09:51:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.12 21:54:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.13 10:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.12 21:54:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.09.05 13:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan\AppData\Roaming\mozilla\Extensions
[2011.11.14 07:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan\AppData\Roaming\mozilla\Firefox\Profiles\l4hb6y29.default\extensions
[2011.12.12 21:53:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gökhan\AppData\Roaming\mozilla\Firefox\Profiles\l4hb6y29.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.13 10:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.13 10:00:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GöKHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4HB6Y29.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\GöKHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4HB6Y29.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.11.10 09:21:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.07 09:14:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.07 09:14:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.07 09:14:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.07 09:14:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.07 09:14:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.07 09:14:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Gökhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Gökhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{771DDC4E-2322-4B6D-ACE6-3DF6129D63BF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F40928D8-0614-413C-BF27-AB40F410D077}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{302975de-f55a-11e0-bc06-bc77377a2eb5}\Shell - "" = AutoRun
O33 - MountPoints2\{302975de-f55a-11e0-bc06-bc77377a2eb5}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Gökhan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_06657716.lnk - C:\Users\GKHAN~1\AppData\Local\Temp\_UNINS~1.BAT - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: DpHost - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.13 16:59:20 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\Desktop\Reality XL Screeny Variante folder
[2011.12.13 11:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.13 11:35:42 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Gökhan\Desktop\esetsmartinstaller_enu.exe
[2011.12.13 11:27:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan\Desktop\OTL.exe
[2011.12.13 10:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.12 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\AppData\Roaming\Malwarebytes
[2011.12.12 20:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.12 20:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.12 20:49:29 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.12 20:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.12 17:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.12.12 17:32:09 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\03939979.sys
[2011.12.12 17:27:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\AppData\Roaming\Avira
[2011.12.12 17:17:53 | 000,000,000 | ---D | C] -- C:\Logs
[2011.12.12 17:06:49 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011.12.09 10:14:24 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\Desktop\Poliklinik Chemnitz
[2011.12.08 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\Desktop\Kilian
[2011.12.07 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\temp
[2011.12.07 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\Desktop\Logos
[2011.12.06 16:57:56 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\Desktop\Eventim
[2011.12.06 15:36:08 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\Desktop\Reality X
[2011.12.06 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\Desktop\HDDeluxe
[2011.12.02 14:20:47 | 004,020,008 | ---- | C] (TeamViewer GmbH) -- C:\Users\Gökhan\Desktop\TeamViewer_Setup_de.exe
[2011.11.30 10:49:16 | 000,000,000 | ---D | C] -- C:\Users\Gökhan\AppData\Roaming\TeamViewer
[2011.11.15 09:12:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.14 10:14:26 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.14 10:00:50 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 10:00:50 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 09:55:44 | 001,500,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.14 09:55:44 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.14 09:55:44 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.14 09:55:44 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.14 09:55:44 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.14 09:51:34 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.14 09:51:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.14 09:51:18 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.13 17:08:02 | 003,453,556 | ---- | M] () -- C:\Users\Gökhan\Desktop\Reality XL Screeny Variante folder.zip
[2011.12.13 11:35:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Gökhan\Desktop\esetsmartinstaller_enu.exe
[2011.12.13 11:27:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan\Desktop\OTL.exe
[2011.12.13 10:39:17 | 000,000,304 | ---- | M] () -- C:\ProgramData\~Aumy5Ew17GFLs3
[2011.12.13 10:37:59 | 001,008,120 | ---- | M] () -- C:\Users\Gökhan\Desktop\rkill.com
[2011.12.12 20:49:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.12 18:23:28 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\03939979.sys
[2011.12.12 17:08:26 | 000,000,456 | ---- | M] () -- C:\ProgramData\Aumy5Ew17GFLs3
[2011.12.12 17:06:50 | 000,000,224 | ---- | M] () -- C:\ProgramData\~Aumy5Ew17GFLs3r
[2011.12.12 13:27:27 | 009,787,311 | ---- | M] () -- C:\Users\Gökhan\Desktop\TV-VET_Logo.wmv
[2011.12.09 10:18:00 | 001,423,421 | ---- | M] () -- C:\Users\Gökhan\Desktop\Winter01.jpg
[2011.12.07 17:20:41 | 000,001,030 | ---- | M] () -- C:\Users\Gökhan\Desktop\TeamViewer 7.lnk
[2011.12.02 14:20:32 | 004,020,008 | ---- | M] (TeamViewer GmbH) -- C:\Users\Gökhan\Desktop\TeamViewer_Setup_de.exe
[2011.11.22 07:56:26 | 005,047,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.21 09:57:55 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2011.11.16 11:30:16 | 000,000,132 | ---- | M] () -- C:\Users\Gökhan\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
========== Files Created - No Company Name ==========
 
[2011.12.13 17:08:01 | 003,453,556 | ---- | C] () -- C:\Users\Gökhan\Desktop\Reality XL Screeny Variante folder.zip
[2011.12.13 10:37:57 | 001,008,120 | ---- | C] () -- C:\Users\Gökhan\Desktop\rkill.com
[2011.12.12 21:14:29 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.12.12 21:14:24 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.12.12 21:14:24 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.12.12 21:14:24 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.12.12 21:14:24 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.12.12 21:14:24 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.12.12 21:14:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.12.12 21:14:24 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.12.12 21:14:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.12.12 21:14:24 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.12.12 21:14:24 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011.12.12 21:14:24 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.12.12 21:14:24 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.12.12 21:14:23 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011.12.12 21:14:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.12.12 21:14:23 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.12 21:14:23 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011.12.12 21:14:23 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
[2011.12.12 21:14:23 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk
[2011.12.12 21:14:23 | 000,001,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011.12.12 21:14:23 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011.12.12 21:14:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.12.12 21:14:23 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011.12.12 21:14:23 | 000,001,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2011.12.12 21:14:23 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigitalPersona Fingerprint Software.lnk
[2011.12.12 21:14:23 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2011.12.12 21:14:23 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011.12.12 21:14:23 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.12.12 20:49:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.12 17:06:50 | 000,000,304 | ---- | C] () -- C:\ProgramData\~Aumy5Ew17GFLs3
[2011.12.12 17:06:50 | 000,000,224 | ---- | C] () -- C:\ProgramData\~Aumy5Ew17GFLs3r
[2011.12.12 17:06:46 | 000,000,456 | ---- | C] () -- C:\ProgramData\Aumy5Ew17GFLs3
[2011.12.12 13:27:15 | 009,787,311 | ---- | C] () -- C:\Users\Gökhan\Desktop\TV-VET_Logo.wmv
[2011.12.09 10:18:00 | 001,423,421 | ---- | C] () -- C:\Users\Gökhan\Desktop\Winter01.jpg
[2011.12.07 17:20:09 | 000,001,060 | ---- | C] () -- C:\Users\Gökhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011.12.07 17:20:09 | 000,001,030 | ---- | C] () -- C:\Users\Gökhan\Desktop\TeamViewer 7.lnk
[2011.12.07 14:35:21 | 111,384,208 | ---- | C] () -- C:\Users\Gökhan\Desktop\DeluxeLoungeHD-02-ProRes.wmv
[2011.11.21 09:57:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.16 09:20:41 | 000,000,132 | ---- | C] () -- C:\Users\Gökhan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.09.28 14:15:09 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2011.09.08 15:25:50 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.09.01 07:38:28 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.29 14:28:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.29 14:28:05 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.29 14:28:03 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.29 12:18:18 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.09.04 12:00:16 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.08.31 12:40:51 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\DigitalPersona
[2011.12.14 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\FileZilla
[2011.09.12 10:42:10 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Leadertech
[2011.09.09 10:37:10 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\OpenOffice.org
[2011.09.27 16:17:25 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\SoftGrid Client
[2011.12.08 12:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\TeamViewer
[2011.12.12 21:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Thunderbird
[2011.09.01 07:39:10 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\TP
[2011.09.05 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Windows Live Writer
[2011.12.14 09:51:34 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009.07.14 06:08:49 | 000,027,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.14 10:14:26 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
<    Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet >
 
<  >
 
< Code: >
 
<  >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.30 16:32:01 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Adobe
[2011.10.31 07:18:05 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Apple Computer
[2011.12.12 17:27:05 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Avira
[2011.09.04 12:00:16 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.12.12 21:53:50 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Creative
[2011.09.02 02:01:23 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Dell
[2011.08.31 12:40:51 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\DigitalPersona
[2011.12.14 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\FileZilla
[2011.08.31 14:22:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Identities
[2011.08.31 12:40:37 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Intel
[2011.09.12 10:42:10 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Leadertech
[2011.09.12 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Logitech
[2011.09.01 07:47:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Macromedia
[2011.12.12 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Media Center Programs
[2011.12.12 21:53:50 | 000,000,000 | --SD | M] -- C:\Users\Gökhan\AppData\Roaming\Microsoft
[2011.09.05 13:00:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Mozilla
[2011.09.15 14:46:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\NVIDIA
[2011.09.09 10:37:10 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\OpenOffice.org
[2011.09.19 12:33:00 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Roxio
[2011.09.07 15:32:35 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Roxio Burn
[2011.12.12 21:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Skype
[2011.09.27 16:17:25 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\SoftGrid Client
[2011.12.08 12:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\TeamViewer
[2011.12.12 21:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Thunderbird
[2011.09.01 07:39:10 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\TP
[2011.12.12 21:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\vlc
[2011.09.05 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\Gökhan\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.09.04 11:59:51 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Gökhan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.07 12:00:31 | 000,010,134 | R--- | M] () -- C:\Users\Gökhan\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Gökhan\AppData\Local\Temp\RarSFX1\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Gökhan\AppData\Local\Temp\RarSFX2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Gökhan\AppData\Local\Temp\RarSFX3\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.05.29 14:45:17 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Gökhan\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Gökhan\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Gökhan\AppData\Local\Temp\RarSFX3\winlogon.exe
[2011.05.29 14:45:17 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
<  >

< End of report >
--- --- ---

cosinus 14.12.2011 21:56
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
DRV:64bit: - (03939979) -- C:\Windows\SysNative\drivers\03939979.sys (Kaspersky Lab ZAO)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{302975de-f55a-11e0-bc06-bc77377a2eb5}\Shell - "" = AutoRun
O33 - MountPoints2\{302975de-f55a-11e0-bc06-bc77377a2eb5}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
[2011.12.12 18:23:28 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\03939979.sys
[2011.12.12 17:08:26 | 000,000,456 | ---- | M] () -- C:\ProgramData\Aumy5Ew17GFLs3
[2011.12.12 17:06:50 | 000,000,224 | ---- | M] () -- C:\ProgramData\~Aumy5Ew17GFLs3r
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

johndoe23 14.12.2011 22:00
Hi,

das kann ich dann wieder morgen erst machen. Kannst Du mir zwischenzeitlich evtl. erklären, was wir jetzt genau machen? :) Kann man jetzt schon grob sehen, ob ich stark gefährdet bin?
Viele Grüße

cosinus 14.12.2011 22:09
Nein, mach erstmal den OTL-Fix

johndoe23 15.12.2011 07:37
Guten Morgen :)
Hier der Code:

Code:
All processes killed
========== OTL ==========
Error: Unable to stop service 03939979!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\03939979 deleted successfully.
C:\Windows\SysNative\drivers\03939979.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{302975de-f55a-11e0-bc06-bc77377a2eb5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302975de-f55a-11e0-bc06-bc77377a2eb5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{302975de-f55a-11e0-bc06-bc77377a2eb5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302975de-f55a-11e0-bc06-bc77377a2eb5}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
File C:\Windows\SysNative\drivers\03939979.sys not found.
C:\ProgramData\Aumy5Ew17GFLs3 moved successfully.
C:\ProgramData\~Aumy5Ew17GFLs3r moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gökhan
->Temp folder emptied: 553265919 bytes
->Temporary Internet Files folder emptied: 556739974 bytes
->Java cache emptied: 730902 bytes
->FireFox cache emptied: 42972256 bytes
->Flash cache emptied: 57114 bytes
 
User: Malte
->Temp folder emptied: 279239 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155045818 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 4434444494 bytes
 
Total Files Cleaned = 5.478,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12152011_073137

Files\Folders moved on Reboot...
C:\Users\Gökhan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 15.12.2011 11:29
Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

johndoe23 15.12.2011 11:36
Code:
11:33:32.0643 1080        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:33:32.0802 1080        ============================================================
11:33:32.0802 1080        Current date / time: 2011/12/15 11:33:32.0802
11:33:32.0802 1080        SystemInfo:
11:33:32.0802 1080       
11:33:32.0802 1080        OS Version: 6.1.7601 ServicePack: 1.0
11:33:32.0802 1080        Product type: Workstation
11:33:32.0802 1080        ComputerName: GÖKHAN-PC
11:33:32.0802 1080        UserName: Gökhan
11:33:32.0802 1080        Windows directory: C:\Windows
11:33:32.0802 1080        System windows directory: C:\Windows
11:33:32.0802 1080        Running under WOW64
11:33:32.0802 1080        Processor architecture: Intel x64
11:33:32.0802 1080        Number of processors: 8
11:33:32.0802 1080        Page size: 0x1000
11:33:32.0802 1080        Boot type: Normal boot
11:33:32.0802 1080        ============================================================
11:33:33.0359 1080        Initialize success
11:34:26.0017 8004        ============================================================
11:34:26.0017 8004        Scan started
11:34:26.0017 8004        Mode: Manual; SigCheck; TDLFS;
11:34:26.0017 8004        ============================================================
11:34:27.0365 8004        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:34:27.0532 8004        1394ohci - ok
11:34:27.0571 8004        Acceler        (aedb94a49236f5ff060c90e09e70281f) C:\Windows\system32\DRIVERS\Accelern.sys
11:34:27.0627 8004        Acceler - ok
11:34:27.0676 8004        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:34:27.0695 8004        ACPI - ok
11:34:27.0733 8004        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:34:27.0825 8004        AcpiPmi - ok
11:34:27.0858 8004        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:34:27.0878 8004        adp94xx - ok
11:34:27.0899 8004        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:34:27.0917 8004        adpahci - ok
11:34:27.0935 8004        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:34:27.0949 8004        adpu320 - ok
11:34:28.0016 8004        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:34:28.0075 8004        AFD - ok
11:34:28.0116 8004        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:34:28.0132 8004        agp440 - ok
11:34:28.0174 8004        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:34:28.0186 8004        aliide - ok
11:34:28.0199 8004        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:34:28.0210 8004        amdide - ok
11:34:28.0243 8004        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:34:28.0301 8004        AmdK8 - ok
11:34:28.0332 8004        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:34:28.0361 8004        AmdPPM - ok
11:34:28.0380 8004        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:34:28.0393 8004        amdsata - ok
11:34:28.0418 8004        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:34:28.0432 8004        amdsbs - ok
11:34:28.0451 8004        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:34:28.0462 8004        amdxata - ok
11:34:28.0532 8004        ApfiltrService  (6690e42ced5d067233abad42da141213) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:34:28.0547 8004        ApfiltrService - ok
11:34:28.0603 8004        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:34:28.0742 8004        AppID - ok
11:34:28.0790 8004        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:34:28.0803 8004        arc - ok
11:34:28.0814 8004        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:34:28.0826 8004        arcsas - ok
11:34:28.0870 8004        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:34:29.0021 8004        AsyncMac - ok
11:34:29.0114 8004        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:34:29.0125 8004        atapi - ok
11:34:29.0202 8004        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
11:34:29.0216 8004        avgntflt - ok
11:34:29.0237 8004        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
11:34:29.0248 8004        avipbb - ok
11:34:29.0307 8004        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:34:29.0360 8004        b06bdrv - ok
11:34:29.0408 8004        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:34:29.0446 8004        b57nd60a - ok
11:34:29.0484 8004        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:34:29.0533 8004        Beep - ok
11:34:29.0712 8004        BHDrvx64        (95da658498248d5832aa240850706150) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
11:34:29.0739 8004        BHDrvx64 - ok
11:34:29.0806 8004        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:34:29.0837 8004        blbdrive - ok
11:34:29.0901 8004        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:34:29.0935 8004        bowser - ok
11:34:29.0954 8004        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:34:30.0027 8004        BrFiltLo - ok
11:34:30.0044 8004        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:34:30.0087 8004        BrFiltUp - ok
11:34:30.0136 8004        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:34:30.0168 8004        Brserid - ok
11:34:30.0198 8004        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:34:30.0233 8004        BrSerWdm - ok
11:34:30.0258 8004        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:34:30.0286 8004        BrUsbMdm - ok
11:34:30.0303 8004        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:34:30.0328 8004        BrUsbSer - ok
11:34:30.0378 8004        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:34:30.0433 8004        BthEnum - ok
11:34:30.0468 8004        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:34:30.0491 8004        BTHMODEM - ok
11:34:30.0540 8004        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:34:30.0579 8004        BthPan - ok
11:34:30.0626 8004        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:34:30.0650 8004        BTHPORT - ok
11:34:30.0677 8004        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:34:30.0711 8004        BTHUSB - ok
11:34:30.0745 8004        btmaux          (962bd3689e2c85f0ba97f3d7e7ba540b) C:\Windows\system32\DRIVERS\btmaux.sys
11:34:30.0756 8004        btmaux - ok
11:34:30.0803 8004        btmhsf          (ec1220b647f0d995da5cad4153454779) C:\Windows\system32\DRIVERS\btmhsf.sys
11:34:30.0844 8004        btmhsf - ok
11:34:30.0902 8004        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:34:30.0944 8004        cdfs - ok
11:34:30.0994 8004        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:34:31.0025 8004        cdrom - ok
11:34:31.0053 8004        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:34:31.0100 8004        circlass - ok
11:34:31.0134 8004        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:34:31.0152 8004        CLFS - ok
11:34:31.0211 8004        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:34:31.0237 8004        CmBatt - ok
11:34:31.0264 8004        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:34:31.0275 8004        cmdide - ok
11:34:31.0321 8004        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:34:31.0352 8004        CNG - ok
11:34:31.0388 8004        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:34:31.0402 8004        Compbatt - ok
11:34:31.0436 8004        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:34:31.0462 8004        CompositeBus - ok
11:34:31.0504 8004        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:34:31.0515 8004        crcdisk - ok
11:34:31.0565 8004        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:34:31.0601 8004        CSC - ok
11:34:31.0654 8004        CtClsFlt        (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
11:34:31.0701 8004        CtClsFlt - ok
11:34:31.0750 8004        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:34:31.0797 8004        DfsC - ok
11:34:31.0821 8004        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:34:31.0867 8004        discache - ok
11:34:31.0904 8004        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:34:31.0919 8004        Disk - ok
11:34:31.0974 8004        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:34:31.0994 8004        drmkaud - ok
11:34:32.0049 8004        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:34:32.0078 8004        DXGKrnl - ok
11:34:32.0152 8004        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:34:32.0243 8004        ebdrv - ok
11:34:32.0340 8004        eeCtrl          (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:34:32.0358 8004        eeCtrl - ok
11:34:32.0402 8004        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:34:32.0425 8004        elxstor - ok
11:34:32.0474 8004        EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:34:32.0488 8004        EraserUtilRebootDrv - ok
11:34:32.0519 8004        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:34:32.0553 8004        ErrDev - ok
11:34:32.0617 8004        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:34:32.0657 8004        exfat - ok
11:34:32.0684 8004        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:34:32.0734 8004        fastfat - ok
11:34:32.0770 8004        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:34:32.0802 8004        fdc - ok
11:34:32.0846 8004        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:34:32.0860 8004        FileInfo - ok
11:34:32.0880 8004        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:34:32.0935 8004        Filetrace - ok
11:34:32.0955 8004        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:34:32.0969 8004        flpydisk - ok
11:34:33.0002 8004        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:34:33.0019 8004        FltMgr - ok
11:34:33.0037 8004        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:34:33.0049 8004        FsDepends - ok
11:34:33.0067 8004        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:34:33.0079 8004        Fs_Rec - ok
11:34:33.0117 8004        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:34:33.0134 8004        fvevol - ok
11:34:33.0165 8004        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:34:33.0176 8004        gagp30kx - ok
11:34:33.0197 8004        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:34:33.0262 8004        hcw85cir - ok
11:34:33.0312 8004        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:34:33.0345 8004        HDAudBus - ok
11:34:33.0362 8004        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:34:33.0383 8004        HidBatt - ok
11:34:33.0399 8004        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:34:33.0434 8004        HidBth - ok
11:34:33.0460 8004        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:34:33.0488 8004        HidIr - ok
11:34:33.0538 8004        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:34:33.0562 8004        HidUsb - ok
11:34:33.0615 8004        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:34:33.0628 8004        HpSAMD - ok
11:34:33.0683 8004        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:34:33.0727 8004        HTTP - ok
11:34:33.0770 8004        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:34:33.0781 8004        hwpolicy - ok
11:34:33.0818 8004        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:34:33.0832 8004        i8042prt - ok
11:34:33.0882 8004        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
11:34:33.0898 8004        iaStor - ok
11:34:33.0936 8004        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:34:33.0955 8004        iaStorV - ok
11:34:33.0983 8004        iBtFltCoex      (e44f0b4dc753c14930b8dc48bb7a1644) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
11:34:34.0002 8004        iBtFltCoex - ok
11:34:34.0164 8004        IDSVia64        (c3292140bf458b46cf8abbfd7e177bbe) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
11:34:34.0185 8004        IDSVia64 - ok
11:34:34.0433 8004        igfx            (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:34:34.0734 8004        igfx - ok
11:34:34.0767 8004        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:34:34.0779 8004        iirsp - ok
11:34:34.0814 8004        Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
11:34:34.0853 8004        Impcd - ok
11:34:34.0919 8004        IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\Windows\system32\drivers\RTKVHD64.sys
11:34:34.0992 8004        IntcAzAudAddService - ok
11:34:35.0040 8004        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:34:35.0052 8004        intelide - ok
11:34:35.0082 8004        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:34:35.0105 8004        intelppm - ok
11:34:35.0152 8004        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:34:35.0194 8004        IpFilterDriver - ok
11:34:35.0224 8004        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:34:35.0239 8004        IPMIDRV - ok
11:34:35.0259 8004        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:34:35.0311 8004        IPNAT - ok
11:34:35.0333 8004        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:34:35.0407 8004        IRENUM - ok
11:34:35.0444 8004        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:34:35.0457 8004        isapnp - ok
11:34:35.0488 8004        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:34:35.0503 8004        iScsiPrt - ok
11:34:35.0533 8004        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:34:35.0545 8004        kbdclass - ok
11:34:35.0565 8004        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:34:35.0589 8004        kbdhid - ok
11:34:35.0632 8004        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:34:35.0644 8004        KSecDD - ok
11:34:35.0679 8004        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:34:35.0693 8004        KSecPkg - ok
11:34:35.0718 8004        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:34:35.0758 8004        ksthunk - ok
11:34:35.0832 8004        LEqdUsb        (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
11:34:35.0844 8004        LEqdUsb - ok
11:34:35.0884 8004        LHidEqd        (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
11:34:35.0896 8004        LHidEqd - ok
11:34:35.0915 8004        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:34:35.0926 8004        LHidFilt - ok
11:34:35.0964 8004        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:34:36.0008 8004        lltdio - ok
11:34:36.0044 8004        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:34:36.0055 8004        LMouFilt - ok
11:34:36.0099 8004        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:34:36.0112 8004        LSI_FC - ok
11:34:36.0137 8004        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:34:36.0150 8004        LSI_SAS - ok
11:34:36.0168 8004        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:34:36.0179 8004        LSI_SAS2 - ok
11:34:36.0197 8004        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:34:36.0210 8004        LSI_SCSI - ok
11:34:36.0237 8004        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:34:36.0282 8004        luafv - ok
11:34:36.0325 8004        MBAMProtector  (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:34:36.0337 8004        MBAMProtector - ok
11:34:36.0358 8004        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:34:36.0370 8004        megasas - ok
11:34:36.0392 8004        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:34:36.0409 8004        MegaSR - ok
11:34:36.0452 8004        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:34:36.0463 8004        MEIx64 - ok
11:34:36.0486 8004        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:34:36.0527 8004        Modem - ok
11:34:36.0555 8004        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:34:36.0582 8004        monitor - ok
11:34:36.0636 8004        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:34:36.0651 8004        mouclass - ok
11:34:36.0667 8004        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:34:36.0689 8004        mouhid - ok
11:34:36.0735 8004        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:34:36.0747 8004        mountmgr - ok
11:34:36.0789 8004        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:34:36.0805 8004        mpio - ok
11:34:36.0825 8004        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:34:36.0863 8004        mpsdrv - ok
11:34:36.0906 8004        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:34:36.0969 8004        MRxDAV - ok
11:34:36.0999 8004        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:34:37.0022 8004        mrxsmb - ok
11:34:37.0045 8004        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:34:37.0072 8004        mrxsmb10 - ok
11:34:37.0097 8004        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:34:37.0126 8004        mrxsmb20 - ok
11:34:37.0163 8004        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:34:37.0178 8004        msahci - ok
11:34:37.0209 8004        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:34:37.0224 8004        msdsm - ok
11:34:37.0263 8004        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:34:37.0316 8004        Msfs - ok
11:34:37.0340 8004        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:34:37.0379 8004        mshidkmdf - ok
11:34:37.0404 8004        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:34:37.0416 8004        msisadrv - ok
11:34:37.0442 8004        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:34:37.0487 8004        MSKSSRV - ok
11:34:37.0506 8004        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:34:37.0549 8004        MSPCLOCK - ok
11:34:37.0573 8004        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:34:37.0614 8004        MSPQM - ok
11:34:37.0653 8004        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:34:37.0671 8004        MsRPC - ok
11:34:37.0717 8004        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:34:37.0728 8004        mssmbios - ok
11:34:37.0759 8004        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:34:37.0799 8004        MSTEE - ok
11:34:37.0814 8004        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:34:37.0828 8004        MTConfig - ok
11:34:37.0848 8004        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:34:37.0860 8004        Mup - ok
11:34:37.0903 8004        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:34:37.0947 8004        NativeWifiP - ok
11:34:38.0053 8004        NAVENG          (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110103.001\ENG64.SYS
11:34:38.0065 8004        NAVENG - ok
11:34:38.0101 8004        NAVEX15        (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110103.001\EX64.SYS
11:34:38.0159 8004        NAVEX15 - ok
11:34:38.0252 8004        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:34:38.0281 8004        NDIS - ok
11:34:38.0317 8004        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:34:38.0361 8004        NdisCap - ok
11:34:38.0393 8004        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:34:38.0441 8004        NdisTapi - ok
11:34:38.0491 8004        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:34:38.0534 8004        Ndisuio - ok
11:34:38.0570 8004        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:34:38.0620 8004        NdisWan - ok
11:34:38.0672 8004        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:34:38.0709 8004        NDProxy - ok
11:34:38.0740 8004        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:34:38.0788 8004        NetBIOS - ok
11:34:38.0818 8004        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:34:38.0859 8004        NetBT - ok
11:34:39.0035 8004        NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
11:34:39.0269 8004        NETwNs64 - ok
11:34:39.0300 8004        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:34:39.0311 8004        nfrd960 - ok
11:34:39.0342 8004        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:34:39.0383 8004        Npfs - ok
11:34:39.0407 8004        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:34:39.0439 8004        nsiproxy - ok
11:34:39.0492 8004        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:34:39.0546 8004        Ntfs - ok
11:34:39.0564 8004        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:34:39.0607 8004        Null - ok
11:34:39.0650 8004        nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
11:34:39.0686 8004        nusb3hub - ok
11:34:39.0713 8004        nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:34:39.0752 8004        nusb3xhc - ok
11:34:39.0796 8004        nvkflt          (7b13d007927920075db9eaabd7abb6fe) C:\Windows\system32\DRIVERS\nvkflt.sys
11:34:39.0810 8004        nvkflt - ok
11:34:40.0032 8004        nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:34:40.0353 8004        nvlddmkm - ok
11:34:40.0396 8004        nvpciflt        (2e5de4423bf6d1c44609febed7b1ff0f) C:\Windows\system32\DRIVERS\nvpciflt.sys
11:34:40.0408 8004        nvpciflt - ok
11:34:40.0453 8004        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:34:40.0469 8004        nvraid - ok
11:34:40.0510 8004        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:34:40.0526 8004        nvstor - ok
11:34:40.0598 8004        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:34:40.0611 8004        nv_agp - ok
11:34:40.0632 8004        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:34:40.0655 8004        ohci1394 - ok
11:34:40.0685 8004        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:34:40.0711 8004        Parport - ok
11:34:40.0747 8004        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:34:40.0763 8004        partmgr - ok
11:34:40.0788 8004        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:34:40.0803 8004        pci - ok
11:34:40.0838 8004        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:34:40.0852 8004        pciide - ok
11:34:40.0875 8004        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:34:40.0890 8004        pcmcia - ok
11:34:40.0913 8004        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:34:40.0925 8004        pcw - ok
11:34:40.0953 8004        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:34:40.0994 8004        PEAUTH - ok
11:34:41.0085 8004        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:34:41.0129 8004        PptpMiniport - ok
11:34:41.0147 8004        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:34:41.0171 8004        Processor - ok
11:34:41.0217 8004        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:34:41.0257 8004        Psched - ok
11:34:41.0292 8004        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:34:41.0302 8004        PxHlpa64 - ok
11:34:41.0363 8004        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:34:41.0410 8004        ql2300 - ok
11:34:41.0430 8004        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:34:41.0443 8004        ql40xx - ok
11:34:41.0465 8004        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:34:41.0493 8004        QWAVEdrv - ok
11:34:41.0527 8004        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:34:41.0566 8004        RasAcd - ok
11:34:41.0602 8004        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:34:41.0640 8004        RasAgileVpn - ok
11:34:41.0696 8004        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:34:41.0733 8004        Rasl2tp - ok
11:34:41.0782 8004        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:34:41.0830 8004        RasPppoe - ok
11:34:41.0852 8004        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:34:41.0892 8004        RasSstp - ok
11:34:41.0928 8004        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:34:41.0972 8004        rdbss - ok
11:34:41.0996 8004        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:34:42.0026 8004        rdpbus - ok
11:34:42.0056 8004        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:34:42.0088 8004        RDPCDD - ok
11:34:42.0130 8004        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:34:42.0164 8004        RDPDR - ok
11:34:42.0185 8004        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:34:42.0233 8004        RDPENCDD - ok
11:34:42.0254 8004        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:34:42.0299 8004        RDPREFMP - ok
11:34:42.0338 8004        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:34:42.0373 8004        RDPWD - ok
11:34:42.0419 8004        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:34:42.0434 8004        rdyboost - ok
11:34:42.0502 8004        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:34:42.0530 8004        RFCOMM - ok
11:34:42.0580 8004        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:34:42.0623 8004        rspndr - ok
11:34:42.0658 8004        RSUSBSTOR      (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
11:34:42.0672 8004        RSUSBSTOR - ok
11:34:42.0704 8004        RTL8167        (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:34:42.0723 8004        RTL8167 - ok
11:34:42.0760 8004        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:34:42.0802 8004        s3cap - ok
11:34:42.0838 8004        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:34:42.0851 8004        sbp2port - ok
11:34:42.0880 8004        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:34:42.0922 8004        scfilter - ok
11:34:42.0966 8004        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:34:43.0012 8004        secdrv - ok
11:34:43.0050 8004        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:34:43.0077 8004        Serenum - ok
11:34:43.0104 8004        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:34:43.0126 8004        Serial - ok
11:34:43.0176 8004        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:34:43.0203 8004        sermouse - ok
11:34:43.0230 8004        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:34:43.0249 8004        sffdisk - ok
11:34:43.0267 8004        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:34:43.0289 8004        sffp_mmc - ok
11:34:43.0312 8004        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:34:43.0345 8004        sffp_sd - ok
11:34:43.0386 8004        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:34:43.0401 8004        sfloppy - ok
11:34:43.0453 8004        Sftfs          (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:34:43.0478 8004        Sftfs - ok
11:34:43.0519 8004        Sftplay        (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:34:43.0533 8004        Sftplay - ok
11:34:43.0553 8004        Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:34:43.0565 8004        Sftredir - ok
11:34:43.0585 8004        Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:34:43.0595 8004        Sftvol - ok
11:34:43.0636 8004        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:34:43.0649 8004        SiSRaid2 - ok
11:34:43.0669 8004        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:34:43.0680 8004        SiSRaid4 - ok
11:34:43.0701 8004        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:34:43.0742 8004        Smb - ok
11:34:43.0782 8004        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:34:43.0793 8004        spldr - ok
11:34:43.0857 8004        SRTSP          (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
11:34:43.0883 8004        SRTSP - ok
11:34:43.0904 8004        SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
11:34:43.0915 8004        SRTSPX - ok
11:34:43.0951 8004        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:34:43.0994 8004        srv - ok
11:34:44.0016 8004        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:34:44.0044 8004        srv2 - ok
11:34:44.0069 8004        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:34:44.0098 8004        srvnet - ok
11:34:44.0159 8004        stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
11:34:44.0169 8004        stdcfltn - ok
11:34:44.0208 8004        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:34:44.0221 8004        stexstor - ok
11:34:44.0261 8004        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:34:44.0283 8004        StillCam - ok
11:34:44.0327 8004        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:34:44.0339 8004        storflt - ok
11:34:44.0371 8004        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:34:44.0383 8004        storvsc - ok
11:34:44.0423 8004        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:34:44.0435 8004        swenum - ok
11:34:44.0516 8004        SymDS          (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
11:34:44.0534 8004        SymDS - ok
11:34:44.0568 8004        SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
11:34:44.0594 8004        SymEFA - ok
11:34:44.0622 8004        SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:34:44.0635 8004        SymEvent - ok
11:34:44.0655 8004        SymIRON        (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
11:34:44.0667 8004        SymIRON - ok
11:34:44.0688 8004        SymNetS        (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
11:34:44.0704 8004        SymNetS - ok
11:34:44.0780 8004        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:34:44.0837 8004        Tcpip - ok
11:34:44.0886 8004        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:34:44.0921 8004        TCPIP6 - ok
11:34:44.0966 8004        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:34:45.0007 8004        tcpipreg - ok
11:34:45.0039 8004        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:34:45.0072 8004        TDPIPE - ok
11:34:45.0099 8004        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:34:45.0133 8004        TDTCP - ok
11:34:45.0170 8004        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:34:45.0210 8004        tdx - ok
11:34:45.0240 8004        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:34:45.0251 8004        TermDD - ok
11:34:45.0303 8004        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:34:45.0347 8004        tssecsrv - ok
11:34:45.0411 8004        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:34:45.0440 8004        TsUsbFlt - ok
11:34:45.0502 8004        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:34:45.0547 8004        tunnel - ok
11:34:45.0581 8004        TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
11:34:45.0594 8004        TurboB - ok
11:34:45.0619 8004        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:34:45.0631 8004        uagp35 - ok
11:34:45.0673 8004        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:34:45.0725 8004        udfs - ok
11:34:45.0772 8004        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:34:45.0788 8004        uliagpkx - ok
11:34:45.0845 8004        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:34:45.0858 8004        umbus - ok
11:34:45.0885 8004        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:34:45.0898 8004        UmPass - ok
11:34:45.0951 8004        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:34:46.0000 8004        usbccgp - ok
11:34:46.0041 8004        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:34:46.0064 8004        usbcir - ok
11:34:46.0126 8004        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:34:46.0139 8004        usbehci - ok
11:34:46.0166 8004        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:34:46.0197 8004        usbhub - ok
11:34:46.0217 8004        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:34:46.0239 8004        usbohci - ok
11:34:46.0268 8004        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:34:46.0285 8004        usbprint - ok
11:34:46.0307 8004        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:34:46.0362 8004        USBSTOR - ok
11:34:46.0389 8004        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:34:46.0408 8004        usbuhci - ok
11:34:46.0439 8004        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:34:46.0467 8004        usbvideo - ok
11:34:46.0493 8004        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:34:46.0505 8004        vdrvroot - ok
11:34:46.0549 8004        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:34:46.0565 8004        vga - ok
11:34:46.0582 8004        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:34:46.0628 8004        VgaSave - ok
11:34:46.0663 8004        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:34:46.0680 8004        vhdmp - ok
11:34:46.0729 8004        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:34:46.0740 8004        viaide - ok
11:34:46.0768 8004        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:34:46.0783 8004        vmbus - ok
11:34:46.0804 8004        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:34:46.0826 8004        VMBusHID - ok
11:34:46.0849 8004        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:34:46.0861 8004        volmgr - ok
11:34:46.0893 8004        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:34:46.0912 8004        volmgrx - ok
11:34:46.0936 8004        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:34:46.0952 8004        volsnap - ok
11:34:46.0981 8004        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:34:46.0995 8004        vsmraid - ok
11:34:47.0018 8004        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:34:47.0043 8004        vwifibus - ok
11:34:47.0063 8004        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:34:47.0091 8004        vwififlt - ok
11:34:47.0122 8004        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:34:47.0148 8004        vwifimp - ok
11:34:47.0183 8004        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:34:47.0203 8004        WacomPen - ok
11:34:47.0259 8004        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:34:47.0299 8004        WANARP - ok
11:34:47.0315 8004        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:34:47.0345 8004        Wanarpv6 - ok
11:34:47.0399 8004        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:34:47.0411 8004        Wd - ok
11:34:47.0438 8004        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:34:47.0461 8004        Wdf01000 - ok
11:34:47.0495 8004        wdkmd          (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
11:34:47.0506 8004        wdkmd - ok
11:34:47.0542 8004        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:34:47.0573 8004        WfpLwf - ok
11:34:47.0589 8004        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:34:47.0600 8004        WIMMount - ok
11:34:47.0645 8004        WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
11:34:47.0664 8004        WinUSB - ok
11:34:47.0713 8004        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:34:47.0740 8004        WmiAcpi - ok
11:34:47.0790 8004        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:34:47.0831 8004        ws2ifsl - ok
11:34:47.0880 8004        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:34:47.0915 8004        WudfPf - ok
11:34:48.0366 8004        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:34:48.0410 8004        WUDFRd - ok
11:34:48.0438 8004        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:34:48.0617 8004        \Device\Harddisk0\DR0 - ok
11:34:48.0620 8004        Boot (0x1200)  (8c1799444eec51129c5d7d54d4977a78) \Device\Harddisk0\DR0\Partition0
11:34:48.0621 8004        \Device\Harddisk0\DR0\Partition0 - ok
11:34:48.0652 8004        Boot (0x1200)  (5db2db772b77d467c139b1c44fe1e23c) \Device\Harddisk0\DR0\Partition1
11:34:48.0654 8004        \Device\Harddisk0\DR0\Partition1 - ok
11:34:48.0655 8004        ============================================================
11:34:48.0655 8004        Scan finished
11:34:48.0655 8004        ============================================================
11:34:48.0664 7672        Detected object count: 0
11:34:48.0664 7672        Actual detected object count: 0

cosinus 15.12.2011 11:50
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

johndoe23 15.12.2011 15:03
Nachdem ich combofix ausgeführt habe, und das Programm dann eine gefühlte Ewigkeit bei "Bereite Logdatei vor" stand, habe ich (nach Betrachtung einiger Threads mit ähnlichen Fällen) mutig-oder dumm- wie ich bin, das ComboFix beendet und den Rechner neugestartet. Mein Startmenü sieht zumindest schon wieder besser aus. Unter C:/ Combofix/ fand ich dann auch die combofix.txt . Unter C:/ direkt nicht.
Ist das die richtige?

Code:
ComboFix 11-12-15.02 - Gökhan 15.12.2011  14:08:11.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4010.2183 [GMT 1:00]
ausgeführt von:: C:\Users\G÷khan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Roaming


(((((((((((((((((((((((  Dateien erstellt von 2011-11-15 bis 2011-12-15  ))))))))))))))))))))))))))))))


2011-12-15 13:29:16 . 2011-12-15 13:29:16        --------        d-----w-        C:\Users\UpdatusUser\AppData\Local\temp
2011-12-15 13:29:16 . 2011-12-15 13:29:16        --------        d-----w-        C:\Users\Default\AppData\Local\temp
2011-12-15 06:37:50 . 2011-12-15 06:37:50        69000        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7444646F-4F7B-4C79-9854-C5A7B7B77F2B}\offreg.dll
2011-12-15 06:31:37 . 2011-12-15 06:31:37        --------        d-----w-        C:\_OTL
2011-12-14 09:14:26 . 2011-11-24 04:52:09        3145216        ----a-w-        C:\Windows\system32\win32k.sys
2011-12-14 09:14:23 . 2011-10-15 06:31:56        723456        ----a-w-        C:\Windows\system32\EncDec.dll
2011-12-14 09:14:22 . 2011-10-15 05:38:59        534528        ----a-w-        C:\Windows\SysWow64\EncDec.dll
2011-12-14 09:14:18 . 2011-11-05 05:32:50        2048        ----a-w-        C:\Windows\system32\tzres.dll
2011-12-14 09:14:18 . 2011-11-05 04:26:03        2048        ----a-w-        C:\Windows\SysWow64\tzres.dll
2011-12-13 17:14:59 . 2011-11-21 11:40:38        8822856        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7444646F-4F7B-4C79-9854-C5A7B7B77F2B}\mpengine.dll
2011-12-13 10:36:18 . 2011-12-13 10:36:18        --------        d-----w-        C:\Program Files (x86)\ESET
2011-12-13 09:01:10 . 2011-12-13 09:01:10        --------        d-----w-        C:\Program Files (x86)\Common Files\Java
2011-12-13 09:00:53 . 2011-11-10 04:54:13        476904        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-12-12 19:49:42 . 2011-12-12 19:49:42        --------        d-----w-        C:\Users\Gökhan\AppData\Roaming\Malwarebytes
2011-12-12 19:49:32 . 2011-12-12 19:49:32        --------        d-----w-        C:\ProgramData\Malwarebytes
2011-12-12 19:49:29 . 2011-12-12 20:54:37        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-12 19:49:29 . 2011-08-31 16:00:50        25416        ----a-w-        C:\Windows\system32\drivers\mbam.sys
2011-12-12 17:08:54 . 2011-12-12 20:53:48        --------        d-----w-        C:\Users\Malte
2011-12-12 16:32:26 . 2011-12-12 16:32:26        --------        d-----w-        C:\ProgramData\Kaspersky Lab
2011-12-12 16:27:05 . 2011-12-12 16:27:05        --------        d-----w-        C:\Users\Gökhan\AppData\Roaming\Avira
2011-12-12 16:17:53 . 2011-12-12 16:17:53        --------        d-----w-        C:\Logs
2011-12-07 16:20:05 . 2011-12-07 16:20:05        --------        d-----w-        C:\Users\Gökhan\temp
2011-12-07 16:08:43 . 2011-12-07 16:08:43        158056        ----a-w-        C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-30 09:49:16 . 2011-12-08 11:54:34        --------        d-----w-        C:\Users\Gökhan\AppData\Roaming\TeamViewer
.


((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))

cosinus 15.12.2011 15:53
Log ist unvollständig

johndoe23 16.12.2011 08:53
Leider bleibt es bei Stufe_4 eine gefühlte Ewigkeit stehen. Woran kann das liegen?

johndoe23 20.12.2011 09:39
Hat irgendwer ne Idee? Ich komm nicht über Stufe 4 hinweg....

cosinus 20.12.2011 10:12
Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131