| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei ucash VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.11.2011, 20:11
| #1 |
 |  Bundespolizei ucash Virus hallo, das hier ist mein erster beitrag also vorneweg sorry für fehler. ich habe mir leider diesen virus eingefangen " bundespolizei ucash". ich habe vorher in ihrem thread gelesen und habe das programm Malwarebytes runtergeladen und alles durchgeführt nun will ich das ergebniss posten. ich hoffe ihr könnt mir weiter helfen! Gruß Ahmet Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8097 Windows 6.1.7601 Service Pack 1 (Safe Mode) Internet Explorer 9.0.8112.16421 06.11.2011 19:56:08 mbam-log-2011-11-06 (19-56-08).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 184356 Laufzeit: 1 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avupdate (Trojan.Agent) -> Value: avupdate -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\ahmet kocagenis\AppData\Roaming\mahmud.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
|
07.11.2011, 13:44
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei ucash Virus Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
08.11.2011, 20:48
| #3 |
| | Bundespolizei ucash Virus einmal der log vom vollscan
__________________Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8115 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 08.11.2011 20:07:38 mbam-log-2011-11-08 (20-07-38).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|) Durchsuchte Objekte: 314725 Laufzeit: 28 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
09.11.2011, 06:39
| #4 |
| | Bundespolizei ucash Virus hier der log vom andern scan. ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=64c63d83ce5d554c8df67d579a504251 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-08 06:38:11 # local_time=2011-11-08 07:38:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 2069884 2069884 0 0 # compatibility_mode=5893 16776573 100 94 8480 72402493 0 0 # compatibility_mode=8192 67108863 100 0 3749 3749 0 0 # scanned=60178 # found=3 # cleaned=0 # scan_time=4849 C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J73US8G2\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5P62HCC\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Ahmet Kocagenis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6304e921-64d0fc71 a variant of Java/Agent.DW trojan (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=64c63d83ce5d554c8df67d579a504251 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-08 09:45:20 # local_time=2011-11-08 10:45:20 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 2079022 2079022 0 0 # compatibility_mode=5893 16776573 100 94 17618 72411631 0 0 # compatibility_mode=8192 67108863 100 0 12887 12887 0 0 # scanned=139230 # found=3 # cleaned=0 # scan_time=6939 C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J73US8G2\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5P62HCC\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Ahmet Kocagenis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6304e921-64d0fc71 a variant of Java/Agent.DW trojan (unable to clean) 00000000000000000000000000000000 I |
|
09.11.2011, 10:04
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei ucash Virus CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.11.2011, 15:44
| #6 |
| | Bundespolizei ucash Virus hier der scanOTL Logfile: Code:
ATTFilter OTL logfile created on: 09.11.2011 15:17:40 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ahmet Kocagenis\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,25% Memory free 11,83 Gb Paging File | 9,69 Gb Available in Paging File | 81,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,47 Gb Total Space | 183,59 Gb Free Space | 76,99% Space Free | Partition Type: NTFS Drive D: | 332,70 Gb Total Space | 332,60 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: ASUSAHMET | User Name: Ahmet Kocagenis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.09 15:12:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmet Kocagenis\Downloads\OTL.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.16 18:08:21 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe PRC - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.11.15 09:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.19 20:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 20:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService) SRV - [2011.03.02 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.12.13 14:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.14 23:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Asus | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Asus | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ahmet Kocagenis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.06 07:26:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.04 14:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Extensions [2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions [2011.10.27 11:19:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\trash [2011.09.04 14:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.06 07:26:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.06 07:26:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.06 07:26:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.06 07:26:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.06 07:26:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.06 07:26:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 07:26:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - Startup: C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BD83DD-CE54-44D9-A85D-861634AD816E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.09 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5EB31E19-4DE1-4D1D-AC62-5DF95E1034CE} [2011.11.08 18:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.11.08 18:14:20 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe [2011.11.08 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2DA5CAB6-AA80-4110-88E6-F8D5C0011637} [2011.11.07 15:07:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C7584C9B-78F6-4BFE-9359-C102A38E8C57} [2011.11.07 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2FB58084-E249-4413-A9B3-E608B4B7065C} [2011.11.07 09:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2282D77C-183A-4FE9-9C68-78AAE1DF49B6} [2011.11.06 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes [2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.06 19:47:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.06 19:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.06 19:38:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.11.06 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8A476458-46B8-4B9A-B21F-9B8E8D353005} [2011.11.06 15:59:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{B8AAB0D6-87EC-4151-898A-E24CB7187AE5} [2011.11.05 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{04F8D4BF-C88B-43E2-9193-42BFA0957642} [2011.11.05 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8B1E9642-6281-4B8E-8F63-3574C47BE0F8} [2011.11.05 09:33:33 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34B96B51-89EE-46EB-9433-BC9775D3E4C9} [2011.11.04 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B5B6620-FCC9-4147-9530-7E7054B7BFCC} [2011.11.04 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{45E396E4-D00A-46C1-BF7A-28C9DB6EEB09} [2011.11.04 09:19:00 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D52AEC4-22C6-49DA-8858-7985725F57EF} [2011.11.03 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8FA2C843-6D04-4D28-AD10-C20EDCF543EC} [2011.11.02 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1CAB58EF-A78D-484C-8879-9B3AB1782B11} [2011.11.02 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34FBA4B8-1BA3-4263-A5AB-89179E8A7D77} [2011.11.02 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{46FCEA06-0A83-4C24-B452-E97EA3FA5AD8} [2011.11.02 15:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF5CE282-98DA-4696-B6EF-BAD4CF461062} [2011.11.01 22:12:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5CBBFDBF-CB18-4D52-BC6E-C608F9208345} [2011.11.01 16:33:41 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D489DA4-C673-432F-A8C1-39A789A8C184} [2011.10.31 19:14:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{459D7237-05DE-47D8-A116-A940B6914C1F} [2011.10.30 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60D5C737-0B91-4D80-9817-E38A199D231A} [2011.10.30 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{01E0F387-75B6-4FF4-8C24-3F59A34A1ACB} [2011.10.30 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{42845A5D-2C21-43CB-BB9B-58976CEDB333} [2011.10.29 20:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2011.10.29 20:42:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BB8AF377-185A-4A07-9606-95D1ABF4780C} [2011.10.29 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{A050385D-BFF0-4AB4-8A13-3220263C282B} [2011.10.29 16:18:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C1A6BE1D-5A87-4FD7-8289-D78403250322} [2011.10.29 09:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011.10.29 09:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011.10.28 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D41946B5-C52D-4B9D-9F51-0BAC274FC3B2} [2011.10.28 07:17:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\Vuze Downloads [2011.10.28 07:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xobni [2011.10.28 07:16:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Xobni [2011.10.28 07:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xobni [2011.10.28 07:15:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\.swt [2011.10.28 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus [2011.10.28 07:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze [2011.10.28 06:59:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F3575633-8DD9-4348-916D-5B3482681175} [2011.10.27 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{6FD6A7DD-5259-4BF0-AF23-DBCB00E04707} [2011.10.27 12:58:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{09129068-1134-4792-9F3C-58023379D0C1} [2011.10.27 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft [2011.10.27 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D89968C7-3140-441C-8B8B-203D782A0130} [2011.10.27 11:19:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.27 11:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.10.27 11:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\DVDVideoSoft [2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2011.10.27 11:16:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\Selvet Flug [2011.10.27 11:14:32 | 015,170,608 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe [2011.10.27 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2760CDE1-FB61-47A2-AE78-734F51DAC536} [2011.10.27 06:04:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2E44DEDA-D92F-415A-98DD-6CD6CBC5DDAC} [2011.10.26 20:27:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EA2A46AA-3FB7-4F9B-84EB-C7275A37F38C} [2011.10.26 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C06B7D0D-95E5-498E-ACB7-506CDC25782F} [2011.10.25 11:22:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E23DF75B-9DFF-402F-84E7-1EEC76D62696} [2011.10.25 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{202A9EB9-FE7F-4B3A-BA6B-2DB78E7FA395} [2011.10.24 19:43:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1C729B81-E758-4886-B7D5-4E417D2B5D44} [2011.10.24 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{30A6E201-5E3A-484D-AD64-815F3C6C42FD} [2011.10.23 21:54:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D25F38E6-F59D-4D95-97A4-F6838E046152} [2011.10.23 09:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B26C292-03E1-4A0F-B7C1-5B1F725C3034} [2011.10.22 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{44CEFEDD-C867-4098-AA82-A0D96A222369} [2011.10.22 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{466ECDB2-0337-4BA9-AEE4-5AE6DF687558} [2011.10.22 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F45F6C93-B549-4E24-B7FE-FCBF4C9A35F1} [2011.10.21 23:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{91F11EE3-6A28-4AE6-A5F8-6E028E1407ED} [2011.10.21 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D421B81-AFDF-49B5-BBAE-A0A61B176243} [2011.10.21 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EAEDD356-9884-45E8-BBFA-ED08A20B6EC5} [2011.10.20 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{884FE75E-0B18-4C07-8782-F5AC6863A932} [2011.10.20 12:06:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{87EAA8FD-A66E-4D1F-A62B-492CEDFA49A0} [2011.10.20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{80FA91AE-F08C-4F06-A81D-768A7F572093} [2011.10.20 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{998B36C3-FEA0-4209-AFCA-23A2FD1A3357} [2011.10.19 20:33:55 | 000,000,000 | ---D | C] -- C:\Windows\wb [2011.10.19 19:46:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\UNI [2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.10.19 18:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011.10.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2011.10.19 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2011.10.19 18:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011.10.19 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft Help [2011.10.19 18:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.10.19 18:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2011.10.19 17:11:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent [2011.10.19 07:40:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{21C29734-A0A4-467B-A9AE-C0C9B4441DD8} [2011.10.18 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BFEB0C49-8933-431A-867A-B2544BFE1135} [2011.10.18 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{827E5185-0712-49D6-A935-22903F5AD69C} [2011.10.18 05:30:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF97C8B2-D214-4FFB-86ED-184625212190} [2011.10.17 08:48:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{567CA159-3852-4D37-B53F-ABA27A25D577} [2011.10.17 07:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D27A87AC-6630-40C8-AE4B-9880FCA92A14} [2011.10.16 09:01:22 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C92EB79D-98D3-48D5-AA98-CCA91D7284E8} [2011.10.15 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CEF15B66-CCAC-4053-BCB4-331E7ECADAD3} [2011.10.15 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60A918DC-9BF0-43E4-A59A-C5EC3216B1E9} [2011.10.15 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira [2011.10.15 19:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.15 19:19:41 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.15 19:19:41 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.15 19:19:41 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.10.15 18:54:48 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.10.15 10:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.10.15 10:14:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{3AF5ECFD-2D4B-4597-B001-F0764DE4A191} [2011.10.15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{362ED212-F7C3-4F84-B7FD-EDEEBA17AADD} [2011.10.14 09:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity [2011.10.14 08:25:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Unity [2011.10.14 07:46:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1E03E1D5-ACAE-4227-807F-07664997523F} [2011.10.14 07:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F312D6B6-EEB9-4FB7-81B5-B88E555510A7} [2011.10.13 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{18A8FD01-95BE-4E11-9CE5-0A790584EB50} [2011.10.13 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BDACDA19-1E92-4F7B-932C-CD64F935C998} [2011.10.12 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{65B02D19-078C-4B34-B9B1-64E8EA42860B} [2011.10.12 21:37:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{673FAE5D-C497-4E7A-A661-5AE88A043993} [2011.10.12 15:27:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.10.12 09:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CA498DBD-2467-492D-A98A-703282AC0246} [2011.10.12 09:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{DA5C55B5-C3DB-4A9A-A738-7CDE8C1DCC9B} [2011.10.11 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E1C9A678-A64B-46CC-A716-9BE2719D23B1} [2011.10.10 22:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle [2011.10.10 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Diagnostics [2011.10.10 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F0ACAE61-F711-41DB-B4E4-FE2D9A5662CB} [2011.10.10 19:48:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D35B9951-7A5B-49B5-8FF4-AA12419D9ECE} [2011.10.10 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games ========== Files - Modified Within 30 Days ========== [2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 15:07:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2011.11.09 15:07:46 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.09 15:07:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.09 15:07:26 | 467,787,775 | -HS- | M] () -- C:\hiberfil.sys [2011.11.09 05:45:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.09 03:04:17 | 001,552,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.09 03:04:17 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.09 03:04:17 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.09 03:04:17 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.09 03:04:17 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.08 18:14:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe [2011.11.07 09:50:02 | 000,002,246 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011.11.06 20:27:35 | 000,001,257 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2011.11.06 19:47:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.28 10:56:42 | 000,000,466 | ---- | M] () -- C:\DATA (D) - Verknüpfung.lnk [2011.10.28 07:14:51 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2011.10.27 11:19:12 | 000,001,297 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk [2011.10.27 11:19:12 | 000,001,241 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk [2011.10.27 11:19:12 | 000,001,156 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk [2011.10.27 11:14:36 | 015,170,608 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe [2011.10.20 10:09:19 | 000,001,075 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk [2011.10.20 10:00:23 | 000,414,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.19 19:46:05 | 000,001,351 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk [2011.10.15 19:19:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2011.11.06 19:47:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.28 10:56:42 | 000,000,466 | ---- | C] () -- C:\DATA (D) - Verknüpfung.lnk [2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk [2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk [2011.10.27 11:19:12 | 000,001,297 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk [2011.10.27 11:19:12 | 000,001,241 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk [2011.10.27 11:19:12 | 000,001,156 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk [2011.10.20 10:08:23 | 000,001,075 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk [2011.10.19 19:46:05 | 000,001,351 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk [2011.10.15 19:19:51 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.09.11 19:17:34 | 000,001,432 | ---- | C] () -- C:\Windows\cxqrf32.ini [2011.08.30 15:38:52 | 008,618,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.16 18:07:02 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.07.16 18:07:00 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2011.07.16 18:06:59 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2011.07.16 18:00:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.04.20 09:18:54 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.04.20 09:18:46 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.04.20 09:18:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config ========== LOP Check ========== [2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage [2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus [2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent [2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft [2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance [2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre [2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client [2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP [2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity [2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon [2011.10.16 09:00:49 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Adobe [2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage [2011.10.15 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira [2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus [2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent [2011.10.19 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\CyberLink [2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft [2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.26 18:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\FLEXnet [2011.08.26 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Identities [2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia [2011.11.06 19:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Media Center Programs [2011.11.06 19:25:07 | 000,000,000 | --SD | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft [2011.09.04 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Mozilla [2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance [2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre [2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client [2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP [2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity [2011.09.14 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\WinRAR [2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2011.10.28 07:15:50 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe [2011.10.12 15:26:58 | 008,107,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
09.11.2011, 15:45
| #7 |
| | Bundespolizei ucash Virus hier das OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.11.2011 15:17:40 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ahmet Kocagenis\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,25% Memory free 11,83 Gb Paging File | 9,69 Gb Available in Paging File | 81,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,47 Gb Total Space | 183,59 Gb Free Space | 76,99% Space Free | Partition Type: NTFS Drive D: | 332,70 Gb Total Space | 332,60 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: ASUSAHMET | User Name: Ahmet Kocagenis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.09 15:12:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmet Kocagenis\Downloads\OTL.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.16 18:08:21 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe PRC - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.11.15 09:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.19 20:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 20:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2011.09.12 16:40:06 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.18 18:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService) SRV - [2011.03.02 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.12.13 14:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.14 23:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goggle.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ahmet Kocagenis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.06 07:26:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.04 14:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Extensions [2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions [2011.10.27 11:19:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.08 16:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\mozilla\Firefox\Profiles\cdkomaxt.default\extensions\trash [2011.09.04 14:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.06 07:26:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.06 07:26:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.06 07:26:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.06 07:26:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.06 07:26:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.06 07:26:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 07:26:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - Startup: C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BD83DD-CE54-44D9-A85D-861634AD816E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.09 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5EB31E19-4DE1-4D1D-AC62-5DF95E1034CE} [2011.11.08 18:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.11.08 18:14:20 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe [2011.11.08 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2DA5CAB6-AA80-4110-88E6-F8D5C0011637} [2011.11.07 15:07:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C7584C9B-78F6-4BFE-9359-C102A38E8C57} [2011.11.07 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2FB58084-E249-4413-A9B3-E608B4B7065C} [2011.11.07 09:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2282D77C-183A-4FE9-9C68-78AAE1DF49B6} [2011.11.06 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes [2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.06 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.06 19:47:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.06 19:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.06 19:38:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.11.06 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8A476458-46B8-4B9A-B21F-9B8E8D353005} [2011.11.06 15:59:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{B8AAB0D6-87EC-4151-898A-E24CB7187AE5} [2011.11.05 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{04F8D4BF-C88B-43E2-9193-42BFA0957642} [2011.11.05 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8B1E9642-6281-4B8E-8F63-3574C47BE0F8} [2011.11.05 09:33:33 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34B96B51-89EE-46EB-9433-BC9775D3E4C9} [2011.11.04 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B5B6620-FCC9-4147-9530-7E7054B7BFCC} [2011.11.04 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{45E396E4-D00A-46C1-BF7A-28C9DB6EEB09} [2011.11.04 09:19:00 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D52AEC4-22C6-49DA-8858-7985725F57EF} [2011.11.03 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{8FA2C843-6D04-4D28-AD10-C20EDCF543EC} [2011.11.02 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1CAB58EF-A78D-484C-8879-9B3AB1782B11} [2011.11.02 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{34FBA4B8-1BA3-4263-A5AB-89179E8A7D77} [2011.11.02 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{46FCEA06-0A83-4C24-B452-E97EA3FA5AD8} [2011.11.02 15:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF5CE282-98DA-4696-B6EF-BAD4CF461062} [2011.11.01 22:12:55 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{5CBBFDBF-CB18-4D52-BC6E-C608F9208345} [2011.11.01 16:33:41 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D489DA4-C673-432F-A8C1-39A789A8C184} [2011.10.31 19:14:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{459D7237-05DE-47D8-A116-A940B6914C1F} [2011.10.30 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60D5C737-0B91-4D80-9817-E38A199D231A} [2011.10.30 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{01E0F387-75B6-4FF4-8C24-3F59A34A1ACB} [2011.10.30 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{42845A5D-2C21-43CB-BB9B-58976CEDB333} [2011.10.29 20:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2011.10.29 20:42:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BB8AF377-185A-4A07-9606-95D1ABF4780C} [2011.10.29 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{A050385D-BFF0-4AB4-8A13-3220263C282B} [2011.10.29 16:18:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C1A6BE1D-5A87-4FD7-8289-D78403250322} [2011.10.29 09:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011.10.29 09:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011.10.28 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D41946B5-C52D-4B9D-9F51-0BAC274FC3B2} [2011.10.28 07:17:43 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\Vuze Downloads [2011.10.28 07:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xobni [2011.10.28 07:16:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Xobni [2011.10.28 07:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xobni [2011.10.28 07:15:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\.swt [2011.10.28 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus [2011.10.28 07:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze [2011.10.28 06:59:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F3575633-8DD9-4348-916D-5B3482681175} [2011.10.27 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{6FD6A7DD-5259-4BF0-AF23-DBCB00E04707} [2011.10.27 12:58:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{09129068-1134-4792-9F3C-58023379D0C1} [2011.10.27 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft [2011.10.27 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D89968C7-3140-441C-8B8B-203D782A0130} [2011.10.27 11:19:17 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.27 11:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.10.27 11:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Documents\DVDVideoSoft [2011.10.27 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2011.10.27 11:16:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\Selvet Flug [2011.10.27 11:14:32 | 015,170,608 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe [2011.10.27 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2760CDE1-FB61-47A2-AE78-734F51DAC536} [2011.10.27 06:04:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{2E44DEDA-D92F-415A-98DD-6CD6CBC5DDAC} [2011.10.26 20:27:39 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EA2A46AA-3FB7-4F9B-84EB-C7275A37F38C} [2011.10.26 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C06B7D0D-95E5-498E-ACB7-506CDC25782F} [2011.10.25 11:22:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E23DF75B-9DFF-402F-84E7-1EEC76D62696} [2011.10.25 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{202A9EB9-FE7F-4B3A-BA6B-2DB78E7FA395} [2011.10.24 19:43:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1C729B81-E758-4886-B7D5-4E417D2B5D44} [2011.10.24 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{30A6E201-5E3A-484D-AD64-815F3C6C42FD} [2011.10.23 21:54:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D25F38E6-F59D-4D95-97A4-F6838E046152} [2011.10.23 09:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{7B26C292-03E1-4A0F-B7C1-5B1F725C3034} [2011.10.22 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{44CEFEDD-C867-4098-AA82-A0D96A222369} [2011.10.22 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{466ECDB2-0337-4BA9-AEE4-5AE6DF687558} [2011.10.22 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F45F6C93-B549-4E24-B7FE-FCBF4C9A35F1} [2011.10.21 23:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{91F11EE3-6A28-4AE6-A5F8-6E028E1407ED} [2011.10.21 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{9D421B81-AFDF-49B5-BBAE-A0A61B176243} [2011.10.21 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EAEDD356-9884-45E8-BBFA-ED08A20B6EC5} [2011.10.20 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{884FE75E-0B18-4C07-8782-F5AC6863A932} [2011.10.20 12:06:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{87EAA8FD-A66E-4D1F-A62B-492CEDFA49A0} [2011.10.20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{80FA91AE-F08C-4F06-A81D-768A7F572093} [2011.10.20 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{998B36C3-FEA0-4209-AFCA-23A2FD1A3357} [2011.10.19 20:33:55 | 000,000,000 | ---D | C] -- C:\Windows\wb [2011.10.19 19:46:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\Desktop\UNI [2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2011.10.19 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.10.19 18:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011.10.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2011.10.19 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2011.10.19 18:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011.10.19 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Microsoft Help [2011.10.19 18:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.10.19 18:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2011.10.19 17:11:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent [2011.10.19 07:40:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{21C29734-A0A4-467B-A9AE-C0C9B4441DD8} [2011.10.18 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BFEB0C49-8933-431A-867A-B2544BFE1135} [2011.10.18 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{827E5185-0712-49D6-A935-22903F5AD69C} [2011.10.18 05:30:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{EF97C8B2-D214-4FFB-86ED-184625212190} [2011.10.17 08:48:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{567CA159-3852-4D37-B53F-ABA27A25D577} [2011.10.17 07:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D27A87AC-6630-40C8-AE4B-9880FCA92A14} [2011.10.16 09:01:22 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{C92EB79D-98D3-48D5-AA98-CCA91D7284E8} [2011.10.15 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CEF15B66-CCAC-4053-BCB4-331E7ECADAD3} [2011.10.15 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{60A918DC-9BF0-43E4-A59A-C5EC3216B1E9} [2011.10.15 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira [2011.10.15 19:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.15 19:19:41 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.15 19:19:41 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.15 19:19:41 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.15 19:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.10.15 18:54:48 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.10.15 10:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.10.15 10:14:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{3AF5ECFD-2D4B-4597-B001-F0764DE4A191} [2011.10.15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{362ED212-F7C3-4F84-B7FD-EDEEBA17AADD} [2011.10.14 09:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity [2011.10.14 08:25:48 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Unity [2011.10.14 07:46:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{1E03E1D5-ACAE-4227-807F-07664997523F} [2011.10.14 07:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F312D6B6-EEB9-4FB7-81B5-B88E555510A7} [2011.10.13 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{18A8FD01-95BE-4E11-9CE5-0A790584EB50} [2011.10.13 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{BDACDA19-1E92-4F7B-932C-CD64F935C998} [2011.10.12 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{65B02D19-078C-4B34-B9B1-64E8EA42860B} [2011.10.12 21:37:26 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{673FAE5D-C497-4E7A-A661-5AE88A043993} [2011.10.12 15:27:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.10.12 09:20:29 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{CA498DBD-2467-492D-A98A-703282AC0246} [2011.10.12 09:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{DA5C55B5-C3DB-4A9A-A738-7CDE8C1DCC9B} [2011.10.11 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{E1C9A678-A64B-46CC-A716-9BE2719D23B1} [2011.10.10 22:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle [2011.10.10 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\Diagnostics [2011.10.10 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{F0ACAE61-F711-41DB-B4E4-FE2D9A5662CB} [2011.10.10 19:48:25 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Local\{D35B9951-7A5B-49B5-8FF4-AA12419D9ECE} [2011.10.10 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games ========== Files - Modified Within 30 Days ========== [2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 15:15:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 15:07:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2011.11.09 15:07:46 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.09 15:07:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.09 15:07:26 | 467,787,775 | -HS- | M] () -- C:\hiberfil.sys [2011.11.09 05:45:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.09 03:04:17 | 001,552,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.09 03:04:17 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.09 03:04:17 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.09 03:04:17 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.09 03:04:17 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.08 18:14:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ahmet Kocagenis\Desktop\esetsmartinstaller_enu.exe [2011.11.07 09:50:02 | 000,002,246 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011.11.06 20:27:35 | 000,001,257 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2011.11.06 19:47:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.28 10:56:42 | 000,000,466 | ---- | M] () -- C:\DATA (D) - Verknüpfung.lnk [2011.10.28 07:14:51 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2011.10.27 11:19:12 | 000,001,297 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk [2011.10.27 11:19:12 | 000,001,241 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk [2011.10.27 11:19:12 | 000,001,156 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk [2011.10.27 11:14:36 | 015,170,608 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\Ahmet Kocagenis\Desktop\FreeYouTubeToMP3Converter31011.exe [2011.10.20 10:09:19 | 000,001,075 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk [2011.10.20 10:00:23 | 000,414,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.19 19:46:05 | 000,001,351 | ---- | M] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk [2011.10.15 19:19:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2011.11.06 19:47:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.28 10:56:42 | 000,000,466 | ---- | C] () -- C:\DATA (D) - Verknüpfung.lnk [2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk [2011.10.28 07:14:51 | 000,001,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk [2011.10.27 11:19:12 | 000,001,297 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free Audio CD Burner.lnk [2011.10.27 11:19:12 | 000,001,241 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\DVDVideoSoft Free Studio.lnk [2011.10.27 11:19:12 | 000,001,156 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Free YouTube to MP3 Converter.lnk [2011.10.20 10:08:23 | 000,001,075 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Darklord - Verknüpfung.lnk [2011.10.19 19:46:05 | 000,001,351 | ---- | C] () -- C:\Users\Ahmet Kocagenis\Desktop\Sticky Notes.lnk [2011.10.15 19:19:51 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.09.11 19:17:34 | 000,001,432 | ---- | C] () -- C:\Windows\cxqrf32.ini [2011.08.30 15:38:52 | 008,618,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.16 18:07:02 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.07.16 18:07:00 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2011.07.16 18:06:59 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2011.07.16 18:00:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.04.20 09:18:54 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.04.20 09:18:46 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.04.20 09:18:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config ========== LOP Check ========== [2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage [2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus [2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent [2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft [2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance [2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre [2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client [2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP [2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity [2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon [2011.10.16 09:00:49 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Adobe [2011.08.26 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Asus WebStorage [2011.10.15 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Avira [2011.11.04 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus [2011.10.19 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\BitTorrent [2011.10.19 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\CyberLink [2011.10.27 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft [2011.10.27 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.26 18:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\FLEXnet [2011.08.26 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Identities [2011.08.26 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia [2011.11.06 19:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Media Center Programs [2011.11.06 19:25:07 | 000,000,000 | --SD | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Microsoft [2011.09.04 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Mozilla [2011.08.26 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Nuance [2011.09.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\PhotoFiltre [2011.10.19 17:01:04 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\SoftGrid Client [2011.08.30 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\TP [2011.10.14 09:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Unity [2011.09.14 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\WinRAR [2011.08.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2011.10.28 07:15:50 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe [2011.10.12 15:26:58 | 008,107,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ahmet Kocagenis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
10.11.2011, 09:55
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei ucash Virus Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.11.2011, 22:09
| #9 |
| | Bundespolizei ucash Virus hier das log: aber den unteren teil deines letzten post hab ich nicht ganz verstanden oder ist das schon egal? 22:01:04.0313 3648 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26 22:01:04.0727 3648 ============================================================ 22:01:04.0728 3648 Current date / time: 2011/11/10 22:01:04.0727 22:01:04.0728 3648 SystemInfo: 22:01:04.0728 3648 22:01:04.0728 3648 OS Version: 6.1.7601 ServicePack: 1.0 22:01:04.0728 3648 Product type: Workstation 22:01:04.0728 3648 ComputerName: ASUSAHMET 22:01:04.0728 3648 UserName: Ahmet Kocagenis 22:01:04.0728 3648 Windows directory: C:\Windows 22:01:04.0728 3648 System windows directory: C:\Windows 22:01:04.0729 3648 Running under WOW64 22:01:04.0729 3648 Processor architecture: Intel x64 22:01:04.0729 3648 Number of processors: 8 22:01:04.0729 3648 Page size: 0x1000 22:01:04.0729 3648 Boot type: Normal boot 22:01:04.0729 3648 ============================================================ 22:01:05.0274 3648 Initialize success 22:01:50.0828 3204 ============================================================ 22:01:50.0828 3204 Scan started 22:01:50.0828 3204 Mode: Manual; SigCheck; TDLFS; 22:01:50.0828 3204 ============================================================ 22:01:51.0387 3204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 22:01:51.0640 3204 1394ohci - ok 22:01:51.0701 3204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 22:01:51.0740 3204 ACPI - ok 22:01:51.0754 3204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 22:01:51.0876 3204 AcpiPmi - ok 22:01:51.0952 3204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 22:01:52.0021 3204 adp94xx - ok 22:01:52.0059 3204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 22:01:52.0108 3204 adpahci - ok 22:01:52.0124 3204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 22:01:52.0164 3204 adpu320 - ok 22:01:52.0251 3204 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 22:01:52.0341 3204 AFD - ok 22:01:52.0404 3204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 22:01:52.0436 3204 agp440 - ok 22:01:52.0486 3204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 22:01:52.0513 3204 aliide - ok 22:01:52.0526 3204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 22:01:52.0553 3204 amdide - ok 22:01:52.0567 3204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 22:01:52.0652 3204 AmdK8 - ok 22:01:52.0668 3204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 22:01:52.0746 3204 AmdPPM - ok 22:01:52.0813 3204 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 22:01:52.0848 3204 amdsata - ok 22:01:52.0864 3204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 22:01:52.0903 3204 amdsbs - ok 22:01:52.0932 3204 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 22:01:52.0962 3204 amdxata - ok 22:01:53.0061 3204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 22:01:53.0309 3204 AppID - ok 22:01:53.0348 3204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 22:01:53.0385 3204 arc - ok 22:01:53.0401 3204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 22:01:53.0437 3204 arcsas - ok 22:01:53.0533 3204 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 22:01:53.0635 3204 ASMMAP64 - ok 22:01:53.0754 3204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:01:53.0998 3204 AsyncMac - ok 22:01:54.0062 3204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 22:01:54.0092 3204 atapi - ok 22:01:54.0189 3204 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 22:01:54.0376 3204 athr - ok 22:01:54.0528 3204 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 22:01:54.0551 3204 ATKWMIACPIIO - ok 22:01:54.0733 3204 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 22:01:54.0764 3204 avgntflt - ok 22:01:54.0858 3204 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys 22:01:54.0889 3204 avipbb - ok 22:01:54.0936 3204 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 22:01:54.0951 3204 avkmgr - ok 22:01:55.0045 3204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 22:01:55.0184 3204 b06bdrv - ok 22:01:55.0268 3204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:01:55.0360 3204 b57nd60a - ok 22:01:55.0416 3204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:01:55.0508 3204 Beep - ok 22:01:55.0602 3204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:01:55.0669 3204 blbdrive - ok 22:01:55.0733 3204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 22:01:55.0811 3204 bowser - ok 22:01:55.0873 3204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 22:01:55.0983 3204 BrFiltLo - ok 22:01:55.0998 3204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 22:01:56.0061 3204 BrFiltUp - ok 22:01:56.0107 3204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 22:01:56.0201 3204 Brserid - ok 22:01:56.0263 3204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 22:01:56.0341 3204 BrSerWdm - ok 22:01:56.0388 3204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:01:56.0466 3204 BrUsbMdm - ok 22:01:56.0513 3204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 22:01:56.0591 3204 BrUsbSer - ok 22:01:56.0685 3204 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys 22:01:56.0778 3204 BthEnum - ok 22:01:56.0825 3204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 22:01:56.0887 3204 BTHMODEM - ok 22:01:56.0950 3204 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 22:01:57.0075 3204 BthPan - ok 22:01:57.0153 3204 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys 22:01:57.0277 3204 BTHPORT - ok 22:01:57.0340 3204 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys 22:01:57.0418 3204 BTHUSB - ok 22:01:57.0496 3204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 22:01:57.0605 3204 cdfs - ok 22:01:57.0667 3204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 22:01:57.0730 3204 cdrom - ok 22:01:57.0777 3204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 22:01:57.0839 3204 circlass - ok 22:01:57.0886 3204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 22:01:57.0933 3204 CLFS - ok 22:01:58.0120 3204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 22:01:58.0213 3204 CmBatt - ok 22:01:58.0276 3204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 22:01:58.0307 3204 cmdide - ok 22:01:58.0401 3204 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 22:01:58.0479 3204 CNG - ok 22:01:58.0572 3204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 22:01:58.0603 3204 Compbatt - ok 22:01:58.0713 3204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 22:01:58.0822 3204 CompositeBus - ok 22:01:59.0134 3204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 22:01:59.0165 3204 crcdisk - ok 22:01:59.0493 3204 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 22:01:59.0633 3204 DfsC - ok 22:01:59.0805 3204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 22:01:59.0961 3204 discache - ok 22:02:00.0241 3204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 22:02:00.0273 3204 Disk - ok 22:02:00.0475 3204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 22:02:00.0647 3204 drmkaud - ok 22:02:01.0115 3204 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 22:02:01.0193 3204 DXGKrnl - ok 22:02:01.0645 3204 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 22:02:01.0833 3204 ebdrv - ok 22:02:02.0207 3204 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 22:02:02.0254 3204 elxstor - ok 22:02:02.0285 3204 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 22:02:02.0363 3204 ErrDev - ok 22:02:02.0472 3204 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys 22:02:02.0519 3204 ETD - ok 22:02:02.0628 3204 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:02:02.0769 3204 exfat - ok 22:02:03.0003 3204 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:02:03.0159 3204 fastfat - ok 22:02:03.0455 3204 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 22:02:03.0517 3204 fdc - ok 22:02:03.0564 3204 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:02:03.0595 3204 FileInfo - ok 22:02:03.0627 3204 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 22:02:04.0126 3204 Filetrace - ok 22:02:04.0157 3204 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 22:02:04.0625 3204 flpydisk - ok 22:02:04.0641 3204 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 22:02:04.0687 3204 FltMgr - ok 22:02:04.0719 3204 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:02:04.0750 3204 FsDepends - ok 22:02:04.0797 3204 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 22:02:04.0828 3204 fssfltr - ok 22:02:04.0859 3204 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 22:02:04.0890 3204 Fs_Rec - ok 22:02:04.0921 3204 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 22:02:04.0953 3204 fvevol - ok 22:02:04.0999 3204 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 22:02:05.0031 3204 gagp30kx - ok 22:02:05.0093 3204 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 22:02:05.0124 3204 hcw85cir - ok 22:02:05.0155 3204 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 22:02:05.0233 3204 HdAudAddService - ok 22:02:05.0265 3204 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 22:02:05.0327 3204 HDAudBus - ok 22:02:05.0327 3204 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 22:02:05.0389 3204 HidBatt - ok 22:02:05.0421 3204 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 22:02:05.0467 3204 HidBth - ok 22:02:05.0499 3204 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 22:02:05.0577 3204 HidIr - ok 22:02:05.0608 3204 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 22:02:05.0655 3204 HidUsb - ok 22:02:05.0717 3204 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 22:02:05.0748 3204 HpSAMD - ok 22:02:05.0795 3204 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 22:02:05.0935 3204 HTTP - ok 22:02:05.0958 3204 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 22:02:05.0989 3204 hwpolicy - ok 22:02:06.0005 3204 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 22:02:06.0036 3204 i8042prt - ok 22:02:06.0105 3204 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys 22:02:06.0140 3204 iaStor - ok 22:02:06.0200 3204 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 22:02:06.0259 3204 iaStorV - ok 22:02:06.0659 3204 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys 22:02:07.0340 3204 igfx - ok 22:02:07.0465 3204 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 22:02:07.0496 3204 iirsp - ok 22:02:07.0636 3204 IntcAzAudAddService (c15a21b1e2291952424f361093734f95) C:\Windows\system32\drivers\RTKVHD64.sys 22:02:07.0886 3204 IntcAzAudAddService - ok 22:02:08.0026 3204 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 22:02:08.0089 3204 IntcDAud - ok 22:02:08.0136 3204 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 22:02:08.0167 3204 intelide - ok 22:02:08.0198 3204 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 22:02:08.0245 3204 intelppm - ok 22:02:08.0292 3204 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:02:08.0385 3204 IpFilterDriver - ok 22:02:08.0416 3204 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 22:02:08.0479 3204 IPMIDRV - ok 22:02:08.0494 3204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 22:02:08.0604 3204 IPNAT - ok 22:02:08.0635 3204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 22:02:08.0713 3204 IRENUM - ok 22:02:08.0760 3204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 22:02:08.0791 3204 isapnp - ok 22:02:08.0806 3204 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 22:02:08.0869 3204 iScsiPrt - ok 22:02:08.0916 3204 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 22:02:08.0947 3204 kbdclass - ok 22:02:08.0978 3204 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 22:02:09.0025 3204 kbdhid - ok 22:02:09.0134 3204 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 22:02:09.0150 3204 kbfiltr - ok 22:02:09.0196 3204 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 22:02:09.0228 3204 KSecDD - ok 22:02:09.0243 3204 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 22:02:09.0290 3204 KSecPkg - ok 22:02:09.0306 3204 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 22:02:09.0415 3204 ksthunk - ok 22:02:09.0477 3204 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys 22:02:09.0508 3204 L1C - ok 22:02:09.0586 3204 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 22:02:09.0711 3204 lltdio - ok 22:02:09.0961 3204 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 22:02:10.0008 3204 LSI_FC - ok 22:02:10.0023 3204 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 22:02:10.0054 3204 LSI_SAS - ok 22:02:10.0070 3204 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 22:02:10.0101 3204 LSI_SAS2 - ok 22:02:10.0117 3204 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 22:02:10.0148 3204 LSI_SCSI - ok 22:02:10.0195 3204 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:02:10.0304 3204 luafv - ok 22:02:10.0366 3204 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 22:02:10.0382 3204 MBAMProtector - ok 22:02:10.0413 3204 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 22:02:10.0444 3204 megasas - ok 22:02:10.0476 3204 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 22:02:10.0522 3204 MegaSR - ok 22:02:10.0569 3204 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys 22:02:10.0585 3204 MEIx64 - ok 22:02:10.0663 3204 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 22:02:10.0756 3204 Modem - ok 22:02:10.0803 3204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:02:10.0850 3204 monitor - ok 22:02:10.0944 3204 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 22:02:10.0975 3204 mouclass - ok 22:02:11.0006 3204 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:02:11.0068 3204 mouhid - ok 22:02:11.0100 3204 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 22:02:11.0115 3204 mountmgr - ok 22:02:11.0131 3204 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 22:02:11.0178 3204 mpio - ok 22:02:11.0193 3204 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:02:11.0302 3204 mpsdrv - ok 22:02:11.0318 3204 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 22:02:11.0443 3204 MRxDAV - ok 22:02:11.0490 3204 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:02:11.0568 3204 mrxsmb - ok 22:02:11.0614 3204 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:02:11.0661 3204 mrxsmb10 - ok 22:02:11.0692 3204 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:02:11.0739 3204 mrxsmb20 - ok 22:02:11.0786 3204 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 22:02:11.0817 3204 msahci - ok 22:02:11.0833 3204 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 22:02:11.0880 3204 msdsm - ok 22:02:11.0911 3204 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:02:12.0036 3204 Msfs - ok 22:02:12.0067 3204 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:02:12.0176 3204 mshidkmdf - ok 22:02:12.0207 3204 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 22:02:12.0238 3204 msisadrv - ok 22:02:12.0270 3204 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:02:12.0363 3204 MSKSSRV - ok 22:02:12.0379 3204 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:02:12.0488 3204 MSPCLOCK - ok 22:02:12.0504 3204 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:02:12.0613 3204 MSPQM - ok 22:02:12.0644 3204 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 22:02:12.0691 3204 MsRPC - ok 22:02:12.0722 3204 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 22:02:12.0738 3204 mssmbios - ok 22:02:12.0769 3204 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:02:12.0878 3204 MSTEE - ok 22:02:12.0894 3204 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 22:02:12.0940 3204 MTConfig - ok 22:02:12.0972 3204 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:02:13.0003 3204 Mup - ok 22:02:13.0065 3204 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:02:13.0159 3204 NativeWifiP - ok 22:02:13.0299 3204 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 22:02:13.0393 3204 NDIS - ok 22:02:13.0424 3204 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:02:13.0533 3204 NdisCap - ok 22:02:13.0580 3204 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:02:13.0689 3204 NdisTapi - ok 22:02:13.0767 3204 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 22:02:13.0876 3204 Ndisuio - ok 22:02:13.0892 3204 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 22:02:14.0001 3204 NdisWan - ok 22:02:14.0032 3204 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 22:02:14.0142 3204 NDProxy - ok 22:02:14.0173 3204 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:02:14.0282 3204 NetBIOS - ok 22:02:14.0298 3204 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:02:14.0407 3204 NetBT - ok 22:02:14.0563 3204 netr28x (f1814e62eb6e50472afc9903525ecec1) C:\Windows\system32\DRIVERS\netr28x.sys 22:02:14.0688 3204 netr28x - ok 22:02:14.0734 3204 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 22:02:14.0766 3204 nfrd960 - ok 22:02:14.0828 3204 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:02:14.0922 3204 Npfs - ok 22:02:14.0953 3204 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:02:15.0046 3204 nsiproxy - ok 22:02:15.0140 3204 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 22:02:15.0312 3204 Ntfs - ok 22:02:15.0343 3204 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:02:15.0468 3204 Null - ok 22:02:15.0951 3204 nvlddmkm (41a7c6ed2bab4c304633b785c884a912) C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:02:16.0700 3204 nvlddmkm - ok 22:02:16.0731 3204 nvpciflt (d542153cb23459b8aad88cf17e36b670) C:\Windows\system32\DRIVERS\nvpciflt.sys 22:02:16.0747 3204 nvpciflt - ok 22:02:16.0809 3204 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 22:02:16.0840 3204 nvraid - ok 22:02:16.0872 3204 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 22:02:16.0903 3204 nvstor - ok 22:02:16.0981 3204 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:02:17.0012 3204 nv_agp - ok 22:02:17.0028 3204 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 22:02:17.0074 3204 ohci1394 - ok 22:02:17.0121 3204 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 22:02:17.0184 3204 Parport - ok 22:02:17.0199 3204 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 22:02:17.0246 3204 partmgr - ok 22:02:17.0262 3204 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 22:02:17.0308 3204 pci - ok 22:02:17.0340 3204 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 22:02:17.0355 3204 pciide - ok 22:02:17.0386 3204 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 22:02:17.0433 3204 pcmcia - ok 22:02:17.0449 3204 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:02:17.0480 3204 pcw - ok 22:02:17.0511 3204 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:02:17.0652 3204 PEAUTH - ok 22:02:17.0745 3204 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 22:02:17.0854 3204 PptpMiniport - ok 22:02:17.0948 3204 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 22:02:18.0010 3204 Processor - ok 22:02:18.0073 3204 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 22:02:18.0166 3204 Psched - ok 22:02:18.0307 3204 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 22:02:18.0463 3204 ql2300 - ok 22:02:18.0478 3204 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 22:02:18.0510 3204 ql40xx - ok 22:02:18.0541 3204 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:02:18.0619 3204 QWAVEdrv - ok 22:02:18.0650 3204 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:02:18.0759 3204 RasAcd - ok 22:02:18.0806 3204 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:02:18.0915 3204 RasAgileVpn - ok 22:02:18.0962 3204 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:02:19.0071 3204 Rasl2tp - ok 22:02:19.0102 3204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:02:19.0227 3204 RasPppoe - ok 22:02:19.0258 3204 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:02:19.0383 3204 RasSstp - ok 22:02:19.0399 3204 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 22:02:19.0524 3204 rdbss - ok 22:02:19.0555 3204 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 22:02:19.0602 3204 rdpbus - ok 22:02:19.0648 3204 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:02:19.0742 3204 RDPCDD - ok 22:02:19.0773 3204 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 22:02:19.0882 3204 RDPENCDD - ok 22:02:19.0914 3204 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:02:20.0023 3204 RDPREFMP - ok 22:02:20.0054 3204 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 22:02:20.0179 3204 RDPWD - ok 22:02:20.0226 3204 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 22:02:20.0272 3204 rdyboost - ok 22:02:20.0319 3204 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 22:02:20.0382 3204 RFCOMM - ok 22:02:20.0429 3204 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:02:20.0538 3204 rspndr - ok 22:02:20.0569 3204 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 22:02:20.0600 3204 sbp2port - ok 22:02:20.0631 3204 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 22:02:20.0741 3204 scfilter - ok 22:02:20.0803 3204 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:02:20.0897 3204 secdrv - ok 22:02:20.0959 3204 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 22:02:21.0006 3204 Serenum - ok 22:02:21.0021 3204 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 22:02:21.0068 3204 Serial - ok 22:02:21.0099 3204 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 22:02:21.0146 3204 sermouse - ok 22:02:21.0177 3204 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 22:02:21.0224 3204 sffdisk - ok 22:02:21.0240 3204 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 22:02:21.0287 3204 sffp_mmc - ok 22:02:21.0302 3204 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 22:02:21.0349 3204 sffp_sd - ok 22:02:21.0380 3204 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 22:02:21.0411 3204 sfloppy - ok 22:02:21.0474 3204 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys 22:02:21.0552 3204 Sftfs - ok 22:02:21.0614 3204 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys 22:02:21.0661 3204 Sftplay - ok 22:02:21.0692 3204 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys 22:02:21.0708 3204 Sftredir - ok 22:02:21.0755 3204 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys 22:02:21.0770 3204 Sftvol - ok 22:02:21.0833 3204 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 22:02:21.0895 3204 SiSGbeLH - ok 22:02:21.0911 3204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 22:02:21.0942 3204 SiSRaid2 - ok 22:02:21.0957 3204 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 22:02:21.0989 3204 SiSRaid4 - ok 22:02:22.0004 3204 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:02:22.0129 3204 Smb - ok 22:02:22.0301 3204 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:02:22.0332 3204 spldr - ok 22:02:22.0425 3204 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 22:02:22.0535 3204 srv - ok 22:02:22.0581 3204 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 22:02:22.0675 3204 srv2 - ok 22:02:22.0753 3204 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 22:02:22.0831 3204 srvnet - ok 22:02:22.0893 3204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 22:02:22.0909 3204 stexstor - ok 22:02:22.0956 3204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 22:02:22.0987 3204 swenum - ok 22:02:23.0112 3204 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 22:02:23.0299 3204 Tcpip - ok 22:02:23.0377 3204 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 22:02:23.0471 3204 TCPIP6 - ok 22:02:23.0517 3204 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 22:02:23.0627 3204 tcpipreg - ok 22:02:23.0658 3204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:02:23.0767 3204 TDPIPE - ok 22:02:23.0783 3204 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 22:02:23.0892 3204 TDTCP - ok 22:02:23.0923 3204 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 22:02:24.0032 3204 tdx - ok 22:02:24.0048 3204 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 22:02:24.0079 3204 TermDD - ok 22:02:24.0157 3204 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:02:24.0266 3204 tssecsrv - ok 22:02:24.0313 3204 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 22:02:24.0375 3204 TsUsbFlt - ok 22:02:24.0391 3204 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 22:02:24.0438 3204 TsUsbGD - ok 22:02:24.0485 3204 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 22:02:24.0578 3204 tunnel - ok 22:02:24.0594 3204 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys 22:02:24.0625 3204 TurboB - ok 22:02:24.0656 3204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 22:02:24.0687 3204 uagp35 - ok 22:02:24.0719 3204 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 22:02:24.0859 3204 udfs - ok 22:02:24.0890 3204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 22:02:24.0921 3204 uliagpkx - ok 22:02:24.0953 3204 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 22:02:25.0015 3204 umbus - ok 22:02:25.0046 3204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 22:02:25.0093 3204 UmPass - ok 22:02:25.0140 3204 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 22:02:25.0202 3204 usbccgp - ok 22:02:25.0265 3204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 22:02:25.0327 3204 usbcir - ok 22:02:25.0374 3204 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 22:02:25.0436 3204 usbehci - ok 22:02:25.0483 3204 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 22:02:25.0577 3204 usbhub - ok 22:02:25.0623 3204 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 22:02:25.0670 3204 usbohci - ok 22:02:25.0701 3204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 22:02:25.0764 3204 usbprint - ok 22:02:25.0795 3204 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 22:02:25.0857 3204 USBSTOR - ok 22:02:25.0904 3204 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 22:02:25.0951 3204 usbuhci - ok 22:02:26.0059 3204 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 22:02:26.0121 3204 usbvideo - ok 22:02:26.0159 3204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 22:02:26.0204 3204 vdrvroot - ok 22:02:26.0262 3204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:02:26.0303 3204 vga - ok 22:02:26.0333 3204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:02:26.0423 3204 VgaSave - ok 22:02:26.0444 3204 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 22:02:26.0487 3204 vhdmp - ok 22:02:26.0518 3204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:02:26.0545 3204 viaide - ok 22:02:26.0578 3204 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:02:26.0610 3204 volmgr - ok 22:02:26.0632 3204 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:02:26.0659 3204 volmgrx - ok 22:02:26.0692 3204 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:02:26.0743 3204 volsnap - ok 22:02:26.0769 3204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 22:02:26.0807 3204 vsmraid - ok 22:02:26.0839 3204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 22:02:26.0899 3204 vwifibus - ok 22:02:26.0934 3204 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:02:26.0991 3204 vwififlt - ok 22:02:27.0024 3204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 22:02:27.0074 3204 WacomPen - ok 22:02:27.0121 3204 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:02:27.0231 3204 WANARP - ok 22:02:27.0247 3204 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:02:27.0322 3204 Wanarpv6 - ok 22:02:27.0369 3204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 22:02:27.0400 3204 Wd - ok 22:02:27.0431 3204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:02:27.0493 3204 Wdf01000 - ok 22:02:27.0556 3204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:02:27.0665 3204 WfpLwf - ok 22:02:27.0696 3204 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys 22:02:27.0743 3204 WimFltr - ok 22:02:27.0790 3204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:02:27.0821 3204 WIMMount - ok 22:02:28.0055 3204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 22:02:28.0102 3204 WmiAcpi - ok 22:02:28.0180 3204 wolf - ok 22:02:28.0367 3204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:02:28.0476 3204 ws2ifsl - ok 22:02:28.0539 3204 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:02:28.0648 3204 WudfPf - ok 22:02:28.0773 3204 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:02:28.0882 3204 WUDFRd - ok 22:02:28.0960 3204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:02:29.0163 3204 \Device\Harddisk0\DR0 - ok 22:02:29.0163 3204 Boot (0x1200) (14eb14f2d9eac272f371e7520d2f6de1) \Device\Harddisk0\DR0\Partition0 22:02:29.0163 3204 \Device\Harddisk0\DR0\Partition0 - ok 22:02:29.0194 3204 Boot (0x1200) (9e6234ace4a0ef5ba6a323ab6a62b57d) \Device\Harddisk0\DR0\Partition1 22:02:29.0194 3204 \Device\Harddisk0\DR0\Partition1 - ok 22:02:29.0194 3204 ============================================================ 22:02:29.0194 3204 Scan finished 22:02:29.0194 3204 ============================================================ 22:02:29.0225 2772 Detected object count: 0 22:02:29.0225 2772 Actual detected object count: 0 22:05:59.0442 0456 Deinitialize success |
|
10.11.2011, 22:15
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei ucash Virus Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.11.2011, 00:07
| #11 |
| | Bundespolizei ucash Virus hier der log Combofix Logfile: Code:
ATTFilter ComboFix 11-11-10.03 - Ahmet Kocagenis 10.11.2011 22:32:19.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6056.4331 [GMT 1:00]
ausgeführt von:: c:\users\Ahmet Kocagenis\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-10 bis 2011-11-10 ))))))))))))))))))))))))))))))
.
.
2011-11-09 16:05 . 2011-11-09 16:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\offreg.dll
2011-11-08 17:14 . 2011-11-08 17:14 -------- d-----w- c:\program files (x86)\ESET
2011-11-08 15:56 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\mpengine.dll
2011-11-07 22:07 . 2011-11-07 22:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-06 18:48 . 2011-11-06 18:48 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 18:47 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 18:38 . 2011-11-06 18:38 -------- d-----w- c:\windows\Sun
2011-10-29 19:51 . 2011-10-29 19:51 -------- d-----w- c:\programdata\RELOADED
2011-10-29 19:49 . 2007-07-19 22:57 411496 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-10-29 08:33 . 2011-10-29 08:33 -------- d-----w- c:\programdata\EA Core
2011-10-29 08:33 . 2011-10-29 08:33 -------- d-----w- c:\programdata\Electronic Arts
2011-10-28 06:16 . 2011-10-28 06:16 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Xobni
2011-10-28 06:16 . 2011-10-28 06:16 -------- d-----w- c:\program files (x86)\Xobni
2011-10-28 06:15 . 2011-10-28 06:15 -------- d-----w- c:\users\Ahmet Kocagenis\.swt
2011-10-28 06:14 . 2011-11-04 06:15 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Azureus
2011-10-28 06:14 . 2011-10-28 06:14 -------- d-----w- c:\program files (x86)\Vuze
2011-10-27 10:32 . 2011-10-27 10:32 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
2011-10-27 10:19 . 2011-10-27 10:19 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2011-10-27 10:18 . 2011-10-27 10:19 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-19 19:33 . 2011-10-19 19:33 -------- d-----w- c:\windows\wb
2011-10-19 17:19 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-10-19 17:19 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-10-19 17:16 . 2011-10-19 17:16 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-10-19 17:15 . 2011-10-19 17:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-10-19 17:15 . 2011-10-19 17:15 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Microsoft Help
2011-10-19 17:15 . 2011-11-07 22:08 -------- d-----w- c:\programdata\Microsoft Help
2011-10-19 16:11 . 2011-10-19 18:45 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
2011-10-15 18:20 . 2011-10-15 18:20 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Avira
2011-10-15 18:19 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 18:19 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 18:19 . 2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 18:19 . 2011-10-15 18:19 -------- d-----w- c:\programdata\Avira
2011-10-15 18:19 . 2011-10-15 18:19 -------- d-----w- c:\program files (x86)\Avira
2011-10-15 17:54 . 2011-10-15 17:54 -------- d-----w- C:\found.000
2011-10-15 09:16 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-10-14 08:26 . 2011-10-14 08:26 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Unity
2011-10-14 07:25 . 2011-10-14 07:25 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Unity
2011-10-14 06:53 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-14 06:53 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 06:53 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-14 06:53 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 06:53 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-14 06:53 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-14 06:53 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 14:27 . 2011-10-12 14:27 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 16:03 . 2011-08-26 17:22 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-09-12 19:52 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-29 06:34 . 2011-08-29 06:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/16 10:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wolf;wolf;c:\games\WolfTeamTS\wolf64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74159840
*Deregistered* - 74159840
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.goggle.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ahmet Kocagenis\AppData\Roaming\Mozilla\Firefox\Profiles\cdkomaxt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\06\0e5`"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-10 23:51:41
ComboFix-quarantined-files.txt 2011-11-10 22:51
.
Vor Suchlauf: 12 Verzeichnis(se), 196.710.273.024 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 197.037.056.000 Bytes frei
.
- - End Of File - - 6E57C9B7E804EDDC3C7C8B690CE0EBE6
|
|
11.11.2011, 13:46
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei ucash Virus Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Dirlook::
c:\programdata\RELOADED
Folder::
C:\found.000
File::
c:\windows\system32\acovcnt.exe
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.11.2011, 20:41
| #13 |
| | Bundespolizei ucash Virus Combofix Logfile: Code:
ATTFilter ComboFix 11-11-10.03 - Ahmet Kocagenis 10.11.2011 22:32:19.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6056.4331 [GMT 1:00]
ausgeführt von:: c:\users\Ahmet Kocagenis\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-10 bis 2011-11-10 ))))))))))))))))))))))))))))))
.
.
2011-11-09 16:05 . 2011-11-09 16:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\offreg.dll
2011-11-08 17:14 . 2011-11-08 17:14 -------- d-----w- c:\program files (x86)\ESET
2011-11-08 15:56 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84DBE89-8790-4609-9F6C-9ED3D301EB20}\mpengine.dll
2011-11-07 22:07 . 2011-11-07 22:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-06 18:48 . 2011-11-06 18:48 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 18:47 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 18:38 . 2011-11-06 18:38 -------- d-----w- c:\windows\Sun
2011-10-29 19:51 . 2011-10-29 19:51 -------- d-----w- c:\programdata\RELOADED
2011-10-29 19:49 . 2007-07-19 22:57 411496 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-10-29 08:33 . 2011-10-29 08:33 -------- d-----w- c:\programdata\EA Core
2011-10-29 08:33 . 2011-10-29 08:33 -------- d-----w- c:\programdata\Electronic Arts
2011-10-28 06:16 . 2011-10-28 06:16 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Xobni
2011-10-28 06:16 . 2011-10-28 06:16 -------- d-----w- c:\program files (x86)\Xobni
2011-10-28 06:15 . 2011-10-28 06:15 -------- d-----w- c:\users\Ahmet Kocagenis\.swt
2011-10-28 06:14 . 2011-11-04 06:15 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Azureus
2011-10-28 06:14 . 2011-10-28 06:14 -------- d-----w- c:\program files (x86)\Vuze
2011-10-27 10:32 . 2011-10-27 10:32 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
2011-10-27 10:19 . 2011-10-27 10:19 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2011-10-27 10:18 . 2011-10-27 10:19 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-19 19:33 . 2011-10-19 19:33 -------- d-----w- c:\windows\wb
2011-10-19 17:19 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-10-19 17:19 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-10-19 17:16 . 2011-10-19 17:16 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-10-19 17:15 . 2011-10-19 17:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-10-19 17:15 . 2011-10-19 17:15 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Microsoft Help
2011-10-19 17:15 . 2011-11-07 22:08 -------- d-----w- c:\programdata\Microsoft Help
2011-10-19 16:11 . 2011-10-19 18:45 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
2011-10-15 18:20 . 2011-10-15 18:20 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Avira
2011-10-15 18:19 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 18:19 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 18:19 . 2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 18:19 . 2011-10-15 18:19 -------- d-----w- c:\programdata\Avira
2011-10-15 18:19 . 2011-10-15 18:19 -------- d-----w- c:\program files (x86)\Avira
2011-10-15 17:54 . 2011-10-15 17:54 -------- d-----w- C:\found.000
2011-10-15 09:16 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-10-14 08:26 . 2011-10-14 08:26 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Unity
2011-10-14 07:25 . 2011-10-14 07:25 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Unity
2011-10-14 06:53 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-14 06:53 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 06:53 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-14 06:53 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-14 06:53 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 06:53 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-14 06:53 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-14 06:53 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 14:27 . 2011-10-12 14:27 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 16:03 . 2011-08-26 17:22 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-09-12 19:52 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-29 06:34 . 2011-08-29 06:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/16 10:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wolf;wolf;c:\games\WolfTeamTS\wolf64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74159840
*Deregistered* - 74159840
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.goggle.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ahmet Kocagenis\AppData\Roaming\Mozilla\Firefox\Profiles\cdkomaxt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\06\0e5`"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-10 23:51:41
ComboFix-quarantined-files.txt 2011-11-10 22:51
.
Vor Suchlauf: 12 Verzeichnis(se), 196.710.273.024 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 197.037.056.000 Bytes frei
.
- - End Of File - - 6E57C9B7E804EDDC3C7C8B690CE0EBE6
|
|
11.11.2011, 20:44
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei ucash Virus Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.11.2011, 12:14
| #15 |
| | Bundespolizei ucash Virus Also hier nochmal der combofix log mit dem notepad.Der post bzw log davor war der normale combofix hab ich ausversehen gepostet sorrryyy! Combofix Logfile: Code:
ATTFilter ComboFix 11-11-10.03 - Ahmet Kocagenis 13.11.2011 10:44:51.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6056.4151 [GMT 1:00]
ausgeführt von:: c:\users\Ahmet Kocagenis\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Ahmet Kocagenis\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\dir0000.chk\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
c:\found.000\dir0000.chk\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
c:\found.000\dir0001.chk\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
c:\found.000\dir0001.chk\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
c:\found.000\dir0002.chk\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
c:\found.000\dir0002.chk\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
c:\found.000\dir0003.chk\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
c:\found.000\dir0003.chk\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
c:\found.000\dir0004.chk\System.Data.ni.dll
c:\found.000\dir0006.chk\PresentationCFFRasterizer.ni.dll
c:\found.000\dir0007.chk\ComSvcConfig.ni.exe
c:\found.000\file0000.chk
c:\found.000\file0001.chk
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-13 bis 2011-11-13 ))))))))))))))))))))))))))))))
.
.
2011-11-13 11:01 . 2011-11-13 11:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-13 11:01 . 2011-11-13 11:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-12 20:28 . 2011-11-12 20:28 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD5A8C3F-00C5-4976-9A05-12AFEB45EC40}\offreg.dll
2011-11-12 00:37 . 2011-11-12 00:37 -------- d-----w- C:\Xobni
2011-11-11 08:31 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD5A8C3F-00C5-4976-9A05-12AFEB45EC40}\mpengine.dll
2011-11-09 20:53 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 20:53 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 20:53 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:53 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 17:14 . 2011-11-08 17:14 -------- d-----w- c:\program files (x86)\ESET
2011-11-07 22:07 . 2011-11-07 22:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-06 18:48 . 2011-11-06 18:48 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 18:47 . 2011-11-06 18:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 18:47 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 18:38 . 2011-11-06 18:38 -------- d-----w- c:\windows\Sun
2011-10-29 19:51 . 2011-10-29 19:51 -------- d-----w- c:\programdata\RELOADED
2011-10-29 19:49 . 2007-07-19 22:57 411496 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-10-29 08:33 . 2011-10-29 08:33 -------- d-----w- c:\programdata\EA Core
2011-10-29 08:33 . 2011-10-29 08:33 -------- d-----w- c:\programdata\Electronic Arts
2011-10-28 06:16 . 2011-10-28 06:16 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Xobni
2011-10-28 06:16 . 2011-10-28 06:16 -------- d-----w- c:\program files (x86)\Xobni
2011-10-28 06:15 . 2011-10-28 06:15 -------- d-----w- c:\users\Ahmet Kocagenis\.swt
2011-10-28 06:14 . 2011-11-04 06:15 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Azureus
2011-10-28 06:14 . 2011-10-28 06:14 -------- d-----w- c:\program files (x86)\Vuze
2011-10-27 10:32 . 2011-10-27 10:32 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoft
2011-10-27 10:19 . 2011-10-27 10:19 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2011-10-27 10:18 . 2011-10-27 10:19 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-19 19:33 . 2011-10-19 19:33 -------- d-----w- c:\windows\wb
2011-10-19 17:19 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-10-19 17:19 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-10-19 17:16 . 2011-10-19 17:16 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-10-19 17:15 . 2011-10-19 17:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-10-19 17:15 . 2011-10-19 17:15 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Local\Microsoft Help
2011-10-19 17:15 . 2011-11-10 23:24 -------- d-----w- c:\programdata\Microsoft Help
2011-10-19 16:11 . 2011-10-19 18:45 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\BitTorrent
2011-10-16 17:55 . 2011-10-16 17:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-15 18:20 . 2011-10-15 18:20 -------- d-----w- c:\users\Ahmet Kocagenis\AppData\Roaming\Avira
2011-10-15 18:19 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 18:19 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 18:19 . 2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 18:19 . 2011-10-15 18:19 -------- d-----w- c:\programdata\Avira
2011-10-15 18:19 . 2011-10-15 18:19 -------- d-----w- c:\program files (x86)\Avira
2011-10-15 09:16 . 2011-10-19 17:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 20:25 . 2011-08-26 17:22 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-09-12 19:52 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-29 06:34 . 2011-08-29 06:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-27 05:37 . 2011-10-14 06:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-14 06:53 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-14 06:53 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-14 06:53 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-17 05:26 . 2011-10-14 06:53 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-14 06:53 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-14 06:53 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-14 06:53 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\RELOADED ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_22.46.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-09 15:24 . 2011-11-09 15:24 13396 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-11-12 16:59 . 2011-11-12 16:59 13396 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-02-18 20:13 . 2011-11-12 20:27 49688 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-12 20:27 39326 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2011-11-12 08:16 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-11-09 02:04 . 2011-11-09 02:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-11-09 02:04 . 2011-11-09 02:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-19 17:21 . 2011-10-19 20:55 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-20 14:08 . 2010-10-20 14:08 40808 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\RECALL.DLL
+ 2011-01-12 16:59 . 2011-01-12 16:59 43352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLRPC.DLL
+ 2010-10-22 13:05 . 2010-10-22 13:05 28000 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLACCT.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08 87920 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\DLGSETP.DLL
- 2011-09-04 09:21 . 2011-10-29 18:13 7264 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-04 09:21 . 2011-11-12 16:59 7264 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-26 17:23 . 2011-11-12 20:27 7468 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-233786055-1952707722-1195120785-1001_UserData.bin
- 2011-11-09 16:03 . 2011-11-09 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-12 20:25 . 2011-11-12 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-12 20:25 . 2011-11-12 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-09 16:03 . 2011-11-09 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-26 17:59 . 2011-11-13 09:36 239366 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-11-09 02:04 627864 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-12 16:58 627864 c:\windows\system32\perfh009.dat
- 2011-02-19 04:24 . 2011-11-09 02:04 666022 c:\windows\system32\perfh007.dat
+ 2011-02-19 04:24 . 2011-11-12 16:58 666022 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-11-12 16:58 110326 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-09 02:04 110326 c:\windows\system32\perfc009.dat
+ 2011-02-19 04:24 . 2011-11-12 16:58 133944 c:\windows\system32\perfc007.dat
- 2011-02-19 04:24 . 2011-11-09 02:04 133944 c:\windows\system32\perfc007.dat
- 2009-07-14 04:45 . 2011-10-20 09:00 414944 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-11-11 08:25 414944 c:\windows\system32\FNTCACHE.DAT
+ 2011-07-16 17:08 . 2011-11-12 16:59 614264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-16 17:08 . 2011-11-09 15:24 614264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-11-09 15:24 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-12 16:59 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-12 20:12 . 2011-11-12 00:37 844540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-233786055-1952707722-1195120785-1001-12288.dat
- 2011-09-12 20:12 . 2011-11-09 15:24 844540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-233786055-1952707722-1195120785-1001-12288.dat
+ 2011-11-12 16:58 . 2011-11-12 16:58 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-10-26 22:23 . 2011-10-26 22:23 925696 c:\windows\Installer\6aff1d2.msp
+ 2011-10-26 21:51 . 2011-10-26 21:51 592896 c:\windows\Installer\6aff1a7.msp
+ 2011-10-26 21:50 . 2011-10-26 21:50 599040 c:\windows\Installer\6aff176.msp
- 2011-10-19 17:30 . 2011-10-19 17:30 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-11-10 23:23 . 2011-11-10 23:23 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-11-10 23:23 . 2011-11-10 23:23 571232 c:\windows\Installer\{90140000-006E-0407-0000-0000000FF1CE}\misc.exe
- 2011-11-07 22:07 . 2011-11-07 22:07 571232 c:\windows\Installer\{90140000-006E-0407-0000-0000000FF1CE}\misc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-10-20 13:11 . 2010-10-20 13:11 105344 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\TRANSMGR.DLL
+ 2011-03-31 13:08 . 2011-03-31 13:08 347568 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\SCNPST64.DLL
+ 2011-03-31 13:08 . 2011-03-31 13:08 336808 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\SCNPST32.DLL
+ 2010-10-22 13:05 . 2010-10-22 13:05 423280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\RTFHTML.DLL
+ 2011-03-17 08:34 . 2011-03-17 08:34 309096 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\PSTPRX32.DLL
+ 2011-03-18 21:08 . 2011-03-18 21:08 329616 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLPH.DLL
+ 2011-03-17 08:34 . 2011-03-17 08:34 523656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLMIME.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08 122720 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLCTL.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08 616312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONWORDADDIN.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08 561024 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONPPTADDIN.DLL
+ 2011-03-11 15:52 . 2011-03-11 15:52 140656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONENOTEMANAGED.DLL
+ 2010-12-20 23:07 . 2010-12-20 23:07 227712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONENOTEM.EXE
+ 2010-12-21 01:08 . 2010-12-21 01:08 533368 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONBTTNWD.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08 533376 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONBTTNPPT.DLL
+ 2010-12-27 22:52 . 2010-12-27 22:52 698240 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONBTTNOL.DLL
+ 2010-12-27 22:52 . 2010-12-27 22:52 233360 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OMSXP32.DLL
+ 2010-12-27 22:52 . 2010-12-27 22:52 724864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OMSMAIN.DLL
+ 2010-12-20 22:59 . 2010-12-20 22:59 360824 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MSOUC.EXE
+ 2010-12-20 22:59 . 2010-12-20 22:59 718720 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MSOSYNC.EXE
+ 2010-10-20 14:08 . 2010-10-20 14:08 358752 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MIMEDIR.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08 273824 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MAPIPH.DLL
+ 2010-10-20 14:08 . 2010-10-20 14:08 135528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\IMPMAIL.DLL
+ 2010-12-21 01:08 . 2010-12-21 01:08 577960 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\IECONTENTSERVICE.EXE
+ 2011-03-17 08:34 . 2011-03-17 08:34 155008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ENVELOPE.DLL
+ 2010-10-22 13:05 . 2010-10-22 13:05 135032 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\CONTAB32.DLL
+ 2009-07-14 04:45 . 2011-11-11 23:09 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-29 15:10 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-11-09 02:04 . 2011-11-09 02:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-12 16:58 . 2011-11-12 16:58 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-11-09 02:04 . 2011-11-09 02:04 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-22 14:21 . 2011-10-22 14:21 3463168 c:\windows\Installer\6aff22f.msp
+ 2011-10-26 21:45 . 2011-10-26 21:45 9177600 c:\windows\Installer\6aff20e.msp
+ 2011-10-26 22:19 . 2011-10-26 22:19 1051648 c:\windows\Installer\6aff1f4.msp
+ 2011-10-26 22:23 . 2011-10-26 22:23 8821760 c:\windows\Installer\6aff1ea.msp
+ 2011-10-19 17:21 . 2011-11-10 23:24 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-19 17:21 . 2011-10-19 20:55 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-19 17:21 . 2011-11-10 23:24 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-03-18 20:59 . 2011-03-18 20:59 9221992 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONMAIN.DLL
+ 2011-03-02 18:21 . 2011-03-02 18:21 1683808 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\ONENOTE.EXE
+ 2011-03-18 21:08 . 2011-03-18 21:08 3250560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OLMAPI32.DLL
+ 2009-07-14 02:34 . 2011-11-11 21:53 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-10-14 16:50 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-10-23 16:10 . 2011-11-10 23:13 52174280 c:\windows\system32\MRT.exe
+ 2011-08-26 18:29 . 2011-11-12 16:59 17398104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-233786055-1952707722-1195120785-1001-8192.dat
+ 2011-10-26 21:51 . 2011-10-26 21:51 16885760 c:\windows\Installer\6aff195.msp
+ 2011-10-26 21:46 . 2011-10-26 21:46 11580928 c:\windows\Installer\6aff16d.msp
+ 2011-10-22 14:21 . 2011-10-22 14:21 21515264 c:\windows\Installer\6aff155.msp
+ 2011-03-31 13:08 . 2011-03-31 13:08 15933792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OUTLOOK.EXE
+ 2011-04-06 18:53 . 2011-04-06 18:53 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MSORES.DLL
- 2011-11-09 02:05 . 2011-11-09 02:05 13102080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7fd5ea24b7142d03585913c69b9a964f\System.Windows.Forms.ni.dll
+ 2011-11-12 16:59 . 2011-11-12 16:59 13102080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7fd5ea24b7142d03585913c69b9a964f\System.Windows.Forms.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Ahmet Kocagenis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/16 10:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wolf;wolf;c:\games\WolfTeamTS\wolf64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.goggle.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ahmet Kocagenis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ahmet Kocagenis\AppData\Roaming\Mozilla\Firefox\Profiles\cdkomaxt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\06\0e5`"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-13 12:06:30
ComboFix-quarantined-files.txt 2011-11-13 11:06
ComboFix2.txt 2011-11-10 22:51
.
Vor Suchlauf: 20 Verzeichnis(se), 194.485.280.768 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 194.518.794.240 Bytes frei
.
- - End Of File - - B1F8DB8928346C9D5D78898B1C613F34
|
|
| Themen zu Bundespolizei ucash Virus |
| beitrag, bundespolizei, durchgeführt, eingefangen, ergebniss, gefangen, gen, hoffe, malwarebytes, poste, programm, runtergeladen, thread, ucash, virus, virus eingefangen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
