ich glaub ich hab einen keylogger virus

Fener999 · 02.12.2011, 23:53

hxxp://saved.im/mtg4mtgxogq5/unbenannt.html

hxxp://saved.im/mtg4mtgyowc5/unbenannt2.html

cosinus · 03.12.2011, 00:00

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Fener999 · 03.12.2011, 21:29

Eset online scanner zeigt schon eine stunde lang 99% an aber sucht weiter ist das normal ?

Fener999 · 03.12.2011, 22:01

Hier der log von eset

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7152b42b903a7549b272dacc93043f23
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-03 08:58:29
# local_time=2011-12-03 09:58:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 620260 59475459 280851 0
# compatibility_mode=5893 16776574 100 94 88676 75344309 0 0
# compatibility_mode=8192 67108863 100 0 3712 3712 0 0
# scanned=177191
# found=10
# cleaned=0
# scan_time=7271
C:\Program Files (x86)\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-75edc39b a variant of Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4f59c15d-486029da Java/Agent.DR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\16ce36aa-59a01087 Java/Agent.DW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3dde09b1-19290c15 Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\50d08733-33c6f6d6 Java/Agent.DR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\60bff434-54c80606 Java/Agent.DW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1842b87c-31a050d6 Java/Agent.DU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\55656b3c-315476d7 a variant of Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Öztürk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1ebc74c7-3c5179e9 Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I

Fener999 · 03.12.2011, 22:02

hier der von malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8292

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.12.2011 19:05:20
mbam-log-2011-12-03 (19-05-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 341828
Laufzeit: 41 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 04.12.2011, 18:51

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Fener999 · 04.12.2011, 19:14

nur noch diese

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8298

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.12.2011 01:20:16
mbam-log-2011-12-04 (01-20-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176377
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 04.12.2011, 19:35

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Fener999 · 04.12.2011, 19:56

Hier der Log
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.12.2011 19:47:42 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Öztürk\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 72,87% Memory free
7,93 Gb Paging File | 6,56 Gb Available in Paging File | 82,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,49 Gb Total Space | 73,01 Gb Free Space | 51,60% Space Free | Partition Type: NTFS
Drive D: | 141,50 Gb Total Space | 119,81 Gb Free Space | 84,67% Space Free | Partition Type: NTFS
 
Computer Name: ÖZTÜRK-PC | User Name: Öztürk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.04 19:45:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Öztürk\Desktop\OTL.exe
PRC - [2011.10.25 22:39:48 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.06.29 07:43:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.17 22:07:16 | 003,373,456 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.03.17 22:07:00 | 000,019,872 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2010.01.19 10:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.12.14 15:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.08.23 12:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.06.04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005.06.22 18:23:18 | 000,036,864 | ---- | M] () -- C:\Windows\SysWOW64\LckFldService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.03 14:27:51 | 000,055,816 | ---- | M] () -- C:\Users\Öztürk\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
MOD - [2011.10.20 13:00:09 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll
MOD - [2011.10.20 12:57:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\cb8360b08641130fd39a8a04f58c3124\System.Runtime.Remoting.ni.dll
MOD - [2011.10.20 12:57:17 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.10.20 02:19:20 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
MOD - [2011.10.20 02:19:16 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011.10.20 02:15:21 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011.10.20 02:15:01 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011.10.20 02:14:37 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.10.20 02:14:24 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.20 02:14:13 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.03.17 22:07:00 | 000,019,872 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.11.18 11:25:59 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011.10.25 22:39:48 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.10 11:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.06.29 07:43:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2005.06.22 18:23:18 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\LckFldService.exe -- (LckFldService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.14 02:30:53 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.07.08 06:20:48 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.07.08 06:20:46 | 000,095,416 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.06.29 07:43:26 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 07:43:26 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.06 17:52:54 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.06 17:52:19 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.06.06 17:52:09 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.03 09:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 09:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 09:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 14:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2011.03.24 23:00:00 | 000,073,552 | ---- | M] (WinAbility® Software Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Folder Guard\FGUARD64.sys -- (FGUARD64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com/babylon/deu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD B2 AA AE 59 24 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.11.27 14:28:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 20:32:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.18 10:04:11 | 000,000,000 | ---D | M]
 
[2011.06.06 15:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Öztürk\AppData\Roaming\mozilla\Extensions
[2011.11.24 21:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Öztürk\AppData\Roaming\mozilla\Firefox\Profiles\9bgnmbsn.default\extensions
[2011.06.06 17:40:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Öztürk\AppData\Roaming\mozilla\Firefox\Profiles\9bgnmbsn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.12 03:48:10 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Öztürk\AppData\Roaming\mozilla\Firefox\Profiles\9bgnmbsn.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.11.08 12:16:25 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Öztürk\AppData\Roaming\mozilla\Firefox\Profiles\9bgnmbsn.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.06.23 00:24:59 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Öztürk\AppData\Roaming\mozilla\Firefox\Profiles\9bgnmbsn.default\extensions\battlefieldheroespatcher@ea.com
[2011.10.20 19:28:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Öztürk\AppData\Roaming\mozilla\Firefox\Profiles\9bgnmbsn.default\extensions\ffxtlbr@babylon.com
[2011.10.13 23:01:19 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Öztürk\AppData\Roaming\mozilla\Firefox\Profiles\9bgnmbsn.default\extensions\ffxtlbr@Facemoods.com
[2011.06.08 20:44:19 | 000,001,967 | ---- | M] () -- C:\Users\Öztürk\AppData\Roaming\Mozilla\Firefox\Profiles\9bgnmbsn.default\searchplugins\cars-expert.xml
[2011.10.20 19:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.31 12:33:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\Ã–ZTÃ¼RK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9BGNMBSN.DEFAULT\EXTENSIONS\{BB6BC1BB-F824-4702-90CD-35E2FB24F25D}
File not found (No name found) -- C:\USERS\Ã–ZTÃ¼RK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9BGNMBSN.DEFAULT\EXTENSIONS\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
File not found (No name found) -- C:\USERS\Ã–ZTÃ¼RK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9BGNMBSN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\Ã–ZTÃ¼RK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9BGNMBSN.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
File not found (No name found) -- C:\USERS\Ã–ZTÃ¼RK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9BGNMBSN.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
File not found (No name found) -- C:\USERS\Ã–ZTÃ¼RK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9BGNMBSN.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
[2011.11.09 20:32:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.31 12:32:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 16:02:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.20 19:29:06 | 000,002,227 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.09.30 16:02:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 16:02:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.13 23:01:20 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.30 16:02:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 16:02:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 16:02:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\ztrk\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Öztürk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
 
O1 HOSTS File: ([2011.12.02 20:00:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Öztürk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Öztürk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Öztürk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Öztürk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O16 - DPF: {1FB5A5AA-3750-421C-BEA3-6E52FC5F7843} hxxp://www.ideal-bilgisayar.com.tr/NetVideoActivex.cab (NetVideoActiveX Control)
O16 - DPF: {7CF64D27-519C-4EA1-A979-ACDDB8764E49} hxxp://www.flexwatch.com/app_link/download/FwMediaCtl.cab (FwMediaCtl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28BFF280-6E90-4AFD-8479-F1D143B61125}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CBFFE4B-B190-4B81-BDF0-4FB775E863BB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C4200CB-EBE2-488C-B4AD-9B10CCBD7C1F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D51AA745-8542-4374-B1D1-6D315F71C5B5}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 19:45:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Öztürk\Desktop\OTL.exe
[2011.12.03 19:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.02 21:47:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.02 19:58:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.02 19:43:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.02 19:43:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.02 19:43:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.02 19:43:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.02 19:42:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.02 19:40:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.02 15:48:32 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Roaming\Malwarebytes
[2011.12.02 15:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.02 15:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.02 15:48:22 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.02 15:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.02 15:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.12.02 15:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.11.29 22:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.11.29 22:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simfy
[2011.11.29 20:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
[2011.11.26 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.11.26 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.11.25 02:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2011.11.25 02:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.11.25 02:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2011.11.25 02:23:59 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\Documents\Simply Super Software
[2011.11.24 23:30:13 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Local\Ubisoft Game Launcher
[2011.11.24 23:21:32 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\Documents\Assassin's Creed Revelations
[2011.11.24 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011.11.20 20:32:44 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Local\storage
[2011.11.20 20:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Support
[2011.11.20 02:23:19 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Local\Electronic Arts
[2011.11.19 23:14:35 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Roaming\WB Games
[2011.11.18 18:37:59 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Local\Apps
[2011.11.16 22:22:10 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Roaming\TeamViewer
[2011.11.13 18:34:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.11.13 18:33:45 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.11.13 18:33:42 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.11.13 18:33:42 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.11.13 18:33:42 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.11.13 18:33:42 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.11.13 18:33:24 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.11.13 18:33:23 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.11.13 18:33:23 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.11.13 18:33:23 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.11.13 18:33:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.11.13 18:33:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.11.13 18:32:56 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.11.13 18:32:55 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.11.13 18:32:24 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.11.12 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Local\Skyrim
[2011.11.12 20:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2011.11.12 20:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2011.11.11 16:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.11.11 16:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.11.10 22:09:10 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\Documents\Tunngle
[2011.11.10 22:09:10 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Roaming\Tunngle
[2011.11.10 22:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011.11.10 22:09:06 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2011.11.10 22:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2011.11.10 22:09:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011.11.10 22:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2011.11.10 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty - Modern Warfare 3 Deutsch
[2011.11.10 02:36:14 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garena
[2011.11.10 02:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Classic
[2011.11.10 01:10:26 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Local\Akamai
[2011.11.09 18:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2011.11.07 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\AppData\Local\WB Games
[2011.11.05 17:08:19 | 000,000,000 | ---D | C] -- C:\Users\Öztürk\Documents\My Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.04 19:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.04 19:45:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Öztürk\Desktop\OTL.exe
[2011.12.04 19:05:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 17:59:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 17:59:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 17:52:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.04 17:51:34 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.04 13:04:25 | 000,003,660 | ---- | M] () -- C:\Users\Öztürk\Desktop\Hasanovic.rar
[2011.12.04 11:01:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.02 20:00:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.02 17:46:58 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.02 17:46:58 | 000,699,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.02 17:46:58 | 000,654,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.02 17:46:58 | 000,149,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.02 17:46:58 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.02 15:48:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 15:44:52 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.12.02 15:43:36 | 001,642,510 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.29 22:14:38 | 000,000,032 | ---- | M] () -- C:\Users\Öztürk\.simfy
[2011.11.29 22:14:36 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2011.11.24 20:15:33 | 000,024,576 | -H-- | M] () -- C:\Users\Öztürk\Documents\photothumb.db
[2011.11.23 20:19:05 | 000,007,168 | -H-- | M] () -- C:\Users\Öztürk\Desktop\photothumb.db
[2011.11.19 02:52:16 | 000,051,270 | ---- | M] () -- C:\Users\Öztürk\AppData\Roaming\room_v3.dat
[2011.11.17 13:47:36 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.12 20:53:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.11.11 12:40:37 | 000,491,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.10 22:09:06 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011.11.10 02:36:14 | 000,001,041 | ---- | M] () -- C:\Users\Öztürk\Desktop\Garena Classic.lnk
[2011.11.06 15:30:22 | 000,048,798 | ---- | M] () -- C:\Users\Öztürk\Desktop\2011-10-22 11.24.08.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.02 19:43:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.02 19:43:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.02 19:43:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.02 19:43:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.02 19:43:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.02 15:48:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 15:44:52 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.12.02 15:43:18 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.11.29 22:14:38 | 000,000,032 | ---- | C] () -- C:\Users\Öztürk\.simfy
[2011.11.25 02:23:37 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.11.25 02:23:37 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011.11.25 02:23:37 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.11.25 02:23:37 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011.11.13 18:33:21 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2011.11.12 20:53:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.11.12 03:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.11.10 22:09:06 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011.11.10 02:36:14 | 000,001,041 | ---- | C] () -- C:\Users\Öztürk\Desktop\Garena Classic.lnk
[2011.11.09 18:48:32 | 000,051,270 | ---- | C] () -- C:\Users\Öztürk\AppData\Roaming\room_v3.dat
[2011.11.06 15:28:44 | 000,045,060 | ---- | C] () -- C:\Users\Öztürk\Desktop\Links für Abschlussprüfung.rtf
[2011.10.28 18:58:36 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe
[2011.10.20 19:51:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.10.19 15:36:23 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.05 17:21:45 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.06.23 00:51:48 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.23 00:51:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.06 16:01:41 | 000,000,135 | R--- | C] () -- C:\Windows\SysWow64\lngEng.ini
[2011.06.06 16:01:41 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\lngKor.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.09.16 16:37:40 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\ShowHCRemCfgWnd.dll
[2008.08.11 13:02:24 | 000,421,944 | ---- | C] () -- C:\Windows\SysWow64\playm4.dll
[2008.08.01 13:24:58 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\RemoteCfgRes_CHI.dll
[2008.08.01 13:24:08 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\RemoteCfgRes_TRAD.dll
[2008.08.01 13:23:32 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\RemoteCfgRes_ENG.dll
[2008.07.31 20:00:02 | 000,356,352 | ---- | C] () -- C:\Windows\SysWow64\HCNetSDK.dll
[2007.10.01 15:56:38 | 003,336,704 | ---- | C] () -- C:\Windows\SysWow64\avcodec-51.dll
[2007.10.01 15:56:38 | 000,436,224 | ---- | C] () -- C:\Windows\SysWow64\avformat-51.dll
[2007.10.01 15:56:38 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\avutil-49.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.06.10 12:10:45 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\DAEMON Tools Lite
[2011.10.20 19:29:26 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\DVDVideoSoft
[2011.10.20 19:28:24 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.30 16:27:57 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\Get from YouTube
[2011.10.20 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\GetRightToGo
[2011.08.31 22:20:03 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\Image-Line
[2011.09.29 01:49:36 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\MAGIX
[2011.11.23 20:25:48 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\PhotoScape
[2011.06.30 16:31:09 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\Power Sound Editor Free
[2011.10.25 22:39:46 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\PunkBuster
[2011.08.01 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\Samsung
[2011.08.30 19:36:54 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\Simfy
[2011.08.31 22:29:20 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\SynthMaker
[2011.11.16 23:24:30 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\TeamViewer
[2011.11.25 02:16:53 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\Tunngle
[2011.11.19 23:14:35 | 000,000,000 | ---D | M] -- C:\Users\Öztürk\AppData\Roaming\WB Games
[2011.12.04 09:27:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.09.07 15:27:52 | 000,000,720 | ---- | M] ()(C:\Users\Öztürk\AppData\Local\PMB Fik?s) -- C:\Users\Öztürk\AppData\Local\PMB Fik聥s
[2011.09.07 15:27:47 | 000,000,720 | ---- | C] ()(C:\Users\Öztürk\AppData\Local\PMB Fik?s) -- C:\Users\Öztürk\AppData\Local\PMB Fik聥s
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

--- --- ---

cosinus · 04.12.2011, 20:27

Das sieht mir nicht nach einem CustomScan aus.
Bitte die Anleitungen richtig lesen und richtig umsetzen!

Fener999 · 04.12.2011, 20:51

An der stelle wo dieses CustomFix sein sollte war nichts.

cosinus · 04.12.2011, 21:47

Ok dann kann ich nicht helfen wenn du die Anleitungen nicht richtig liest

Fener999 · 04.12.2011, 22:21

hmm naja solangsam glaube ich nich mehr dass ich einen trojaner drauf habe.

04.12.2011, 18:51	#21
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ich glaub ich hab einen keylogger virus Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ --> ich glaub ich hab einen keylogger virus

04.12.2011, 20:27	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ich glaub ich hab einen keylogger virus Das sieht mir nicht nach einem CustomScan aus. Bitte die Anleitungen richtig lesen und richtig umsetzen! __________________ Logfiles bitte immer in CODE-Tags posten

04.12.2011, 21:47	#27
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ich glaub ich hab einen keylogger virus Ok dann kann ich nicht helfen wenn du die Anleitungen nicht richtig liest __________________ Logfiles bitte immer in CODE-Tags posten

ich glaub ich hab einen keylogger virus

Plagegeister aller Art und deren Bekämpfung: ich glaub ich hab einen keylogger virus