Windows 7: qvo6 virus still on the PC?

Hello, experts! Yesterday I could no longer change my Google Chrome start page. Instead, the "qvo6" start page kept coming back. But I have never searched with this qvo search engine, only with Google. Only after several unsuccessful attempts to change my start page did I understand that qvo is a virus. After that I did a few things myself to get rid of the virus. The qvo start page no longer appears in Chrome, nor in other browsers. Out of sheer fear for all my files and active logins, I moved all files to an empty USB stick and deleted the browser history, active logins, saved passwords, etc. I am still worried that the virus is not gone yet. Did I act correctly at all? Can a virus also attach itself to simple files like photos, videos, etc. and be moved to a USB stick that way? What does the qvo6 virus actually do with my files and logins, e.g. in my email account? I have since changed my passwords as well...

What I have done against the virus is the following:

1. Downloaded adwcleaner and let it scan, removed everything.
2. Let malwarebytes scan: yesterday a quick scan -> 4 infected folders, 11 infected files; later a full scan -> 14 infected files; this morning a quick scan -> no findings. Everything was moved to quarantine. Each of these "virus names" contains "PUP.Optional.[...]".
3. Avira Antivirus quick system scan today found nothing. But yesterday the real-time scanner had shown 4 findings and the system scanner had detected 2 pieces of malware and moved them to quarantine.

What should happen now with the infected files in the quarantines? Should I delete them?
I now also have several log files from yesterday and today on my desktop: defogger_disable, FRST, Addition, Gmer, dds, attach.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:26 on 04/09/2013 (Aygün)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 03 Ran by Aygün (administrator) on SMILEY on 04-09-2013 12:33:21 Running from C:\Users\Aygün\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\OSD.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Octoshape ApS) C:\Users\Aygün\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [] - [x] HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.) HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.) HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-25] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296056 2012-05-29] (RealNetworks, Inc.) 
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 255 HKCU\...\Run: [Google Update] - C:\Users\Aygün\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-04] (Google Inc.) HKCU\...\Run: [Octoshape Streaming Services] - C:\Users\Aygün\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS) HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 255 HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] () HKU\Roxy\...\Run: [Google Update] - C:\Users\Roxy\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-03-24] (Google Inc.) Startup: C:\Users\Aygün\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\debug.log () Startup: C:\Users\Roxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {6C9EBA4C-E5E9-4954-91AE-97A83D490956} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=f77543af-541b-4df5-80ed-4ea45b1e80ab&apn_sauid=C4293C2A-F536-4AF4-936F-98463DB4EEFD SearchScopes: HKCU - {AA467726-E70D-44B9-83B1-BAC3606C0272} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: 
C:\Users\Aygün\AppData\Roaming\Mozilla\Firefox\Profiles\nqtrplsz.default FF NewTab: about:blank FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Aygün\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Aygün\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Aygün\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Aygün\AppData\Roaming\Mozilla\Firefox\Profiles\nqtrplsz.default\Extensions\ich@maltegoetz.de FF Extension: CookieCuller - C:\Users\Aygün\AppData\Roaming\Mozilla\Firefox\Profiles\nqtrplsz.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} FF Extension: personas - C:\Users\Aygün\AppData\Roaming\Mozilla\Firefox\Profiles\nqtrplsz.default\Extensions\personas@christopher.beard.xpi FF Extension: silvermelxt - C:\Users\Aygün\AppData\Roaming\Mozilla\Firefox\Profiles\nqtrplsz.default\Extensions\silvermelxt@pardal.de.xpi FF Extension: No Name - C:\Users\Aygün\AppData\Roaming\Mozilla\Firefox\Profiles\nqtrplsz.default\Extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi FF Extension: No Name - 
C:\Users\Aygün\AppData\Roaming\Mozilla\Firefox\Profiles\nqtrplsz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR RestoreOnStartup: "https://www.google.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Ayg\u00FCn\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Ayg\u00FCn\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ayg\u00FCn\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) 
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Google Update) - C:\Users\Ayg\u00FCn\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (ProxTube) - C:\Users\AYGN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0 CHR Extension: (Adblock Plus) - C:\Users\AYGN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\AYGN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Aygün\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-25] (Avira Operations GmbH & Co. 
KG) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-12] () R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-05] (Avira Operations GmbH & Co. 
KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [25376 2013-03-11] (NVIDIA Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-05] (Avira GmbH) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-04 12:30 - 2013-09-04 12:30 - 01950416 _____ (Farbar) C:\Users\Aygün\Desktop\FRST64.exe 2013-09-04 12:29 - 2013-09-04 12:29 - 01084575 _____ (Farbar) C:\Users\Aygün\Desktop\FRST.exe 2013-09-04 12:26 - 2013-09-04 12:26 - 00000472 _____ C:\Users\Aygün\Desktop\defogger_disable.log 2013-09-04 12:26 - 2013-09-04 12:26 - 00000000 _____ C:\Users\Aygün\defogger_reenable 2013-09-04 09:25 - 2013-09-04 09:25 - 00050477 _____ C:\Users\Aygün\Desktop\Defogger.exe 2013-09-03 22:37 - 2013-09-03 22:37 - 00010877 _____ C:\Users\Aygün\Desktop\attach.txt 2013-09-03 22:37 - 2013-09-03 22:36 - 00014292 _____ C:\Users\Aygün\Desktop\dds.txt 2013-09-03 22:33 - 2013-09-03 22:33 - 00000000 ____D C:\Users\Ayg³n 2013-09-03 20:07 - 2013-09-03 20:07 - 00688992 ____R (Swearware) C:\Users\Aygün\Desktop\dds.exe 2013-09-03 18:24 - 2013-09-03 18:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-03 18:24 - 2013-09-03 18:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aygün\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-03 18:24 - 2013-09-03 18:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aygün\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-09-03 18:24 - 2013-09-03 18:24 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-03 18:24 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-03 17:48 - 2013-09-03 22:29 - 00000000 ____D C:\AdwCleaner 2013-09-03 17:47 - 2013-09-03 17:47 - 01037134 _____ C:\Users\Aygün\Desktop\adwcleaner_3002.exe 2013-09-02 11:49 - 2013-09-02 11:49 - 00866281 _____ C:\Users\Roxy\Downloads\ahf_018 (8).zip 2013-09-02 11:49 - 2013-09-02 11:49 - 00432912 _____ C:\Users\Roxy\Downloads\ahf_003 (17).zip 2013-08-15 08:52 - 2013-08-15 08:52 - 00000000 ____D C:\fee601f68461d80cd9e99d2237bbf9 2013-08-15 08:49 - 2013-07-26 05:13 - 
01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 08:49 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 08:49 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 08:49 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 08:49 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 08:49 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 08:49 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 08:49 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 08:49 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 10:42 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 10:41 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 10:41 - 2013-07-19 03:41 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\system32\tzres.dll 2013-08-14 10:41 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-14 10:41 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 10:41 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 10:41 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 10:41 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 10:41 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 10:41 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 10:41 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 10:41 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-11 22:19 - 2013-08-11 22:19 - 00310106 _____ C:\Users\Aygün\Downloads\ahf_009.zip 2013-08-11 22:01 - 2013-08-11 22:01 - 00432912 _____ C:\Users\Aygün\Downloads\ahf_003.zip 2013-08-08 20:40 - 2013-08-08 20:40 - 00000000 ____D C:\Users\Aygün\Cyberlink 2013-08-08 19:31 - 2013-08-08 19:31 - 00000000 ___HD C:\Users\Aygün\Documents\PDRMUSIC.TMP 2013-08-08 19:11 - 2013-08-26 23:10 - 00000000 ____D C:\Windows\system32\MRT 2013-08-05 22:23 - 2013-08-05 22:23 - 00001442 _____ C:\Users\Aygün\Downloads\BAHN_Fahrplan_20130829.ics ==================== One Month Modified Files and Folders ======= 2013-09-04 12:33 - 2013-09-04 12:33 - 00000000 ____D C:\FRST 2013-09-04 12:30 - 2013-09-04 12:30 - 01950416 _____ (Farbar) C:\Users\Aygün\Desktop\FRST64.exe 2013-09-04 12:30 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-04 12:30 - 2009-07-14 06:34 - 00009888 
____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-04 12:29 - 2013-09-04 12:29 - 01084575 _____ (Farbar) C:\Users\Aygün\Desktop\FRST.exe 2013-09-04 12:26 - 2013-09-04 12:26 - 00000472 _____ C:\Users\Aygün\Desktop\defogger_disable.log 2013-09-04 12:26 - 2013-09-04 12:26 - 00000000 _____ C:\Users\Aygün\defogger_reenable 2013-09-04 12:26 - 2011-12-26 09:25 - 01282899 _____ C:\Windows\WindowsUpdate.log 2013-09-04 12:26 - 2010-10-28 17:46 - 00000000 ____D C:\Users\Aygün 2013-09-04 12:22 - 2011-12-26 08:23 - 00138941 _____ C:\Windows\setupact.log 2013-09-04 12:22 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-04 09:54 - 2012-03-04 10:56 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1001UA.job 2013-09-04 09:25 - 2013-09-04 09:25 - 00050477 _____ C:\Users\Aygün\Desktop\Defogger.exe 2013-09-04 09:15 - 2012-03-24 19:25 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1004UA.job 2013-09-04 00:43 - 2011-12-26 09:48 - 00127982 _____ C:\Windows\PFRO.log 2013-09-04 00:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-04 00:42 - 2010-07-06 22:23 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-03 22:37 - 2013-09-03 22:37 - 00010877 _____ C:\Users\Aygün\Desktop\attach.txt 2013-09-03 22:36 - 2013-09-03 22:37 - 00014292 _____ C:\Users\Aygün\Desktop\dds.txt 2013-09-03 22:33 - 2013-09-03 22:33 - 00000000 ____D C:\Users\Ayg³n 2013-09-03 22:29 - 2013-09-03 17:48 - 00000000 ____D C:\AdwCleaner 2013-09-03 20:29 - 2012-01-03 01:15 - 00000000 ____D C:\Users\Roxy 2013-09-03 20:15 - 2013-02-02 20:08 - 00000000 ____D C:\Program Files\phase5 2013-09-03 20:07 - 2013-09-03 20:07 - 00688992 ____R (Swearware) C:\Users\Aygün\Desktop\dds.exe 2013-09-03 18:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources 2013-09-03 18:25 - 2013-09-03 18:24 - 00000000 ____D C:\Program 
Files\Malwarebytes' Anti-Malware 2013-09-03 18:24 - 2013-09-03 18:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aygün\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-03 18:24 - 2013-09-03 18:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aygün\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-09-03 18:24 - 2013-09-03 18:24 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-03 18:05 - 2012-03-04 10:57 - 00001495 _____ C:\Users\Aygün\Desktop\Google Chrome.lnk 2013-09-03 18:02 - 2013-07-02 19:06 - 00001011 _____ C:\Users\Aygün\Desktop\Mozilla Firefox.lnk 2013-09-03 18:02 - 2012-03-04 10:56 - 00000000 ____D C:\Users\Aygün\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-03 18:02 - 2010-10-28 17:46 - 00001152 _____ C:\Users\Aygün\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-03 17:54 - 2009-07-14 06:33 - 00451456 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-03 17:52 - 2010-10-30 18:31 - 00000000 ___HD C:\ProgramData\ICQ 2013-09-03 17:47 - 2013-09-03 17:47 - 01037134 _____ C:\Users\Aygün\Desktop\adwcleaner_3002.exe 2013-09-03 16:15 - 2012-03-24 19:25 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1004Core.job 2013-09-03 15:22 - 2012-01-03 01:16 - 00125728 _____ C:\Users\Roxy\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-03 13:51 - 2010-10-28 17:50 - 00125728 _____ C:\Users\AYGN~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-03 10:54 - 2012-03-04 10:56 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1001Core.job 2013-09-02 11:49 - 2013-09-02 11:49 - 00866281 _____ C:\Users\Roxy\Downloads\ahf_018 (8).zip 2013-09-02 11:49 - 2013-09-02 11:49 - 00432912 _____ C:\Users\Roxy\Downloads\ahf_003 (17).zip 2013-08-31 10:18 - 2012-03-24 19:26 - 00002325 _____ C:\Users\Roxy\Desktop\Google Chrome.lnk 2013-08-27 10:50 - 2010-11-06 21:35 - 00000000 ____D C:\Users\Aygün\AppData\Roaming\Skype 
2013-08-26 23:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-26 23:10 - 2013-08-08 19:11 - 00000000 ____D C:\Windows\system32\MRT
2013-08-26 23:07 - 2011-12-26 10:41 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-26 23:07 - 2010-07-06 23:03 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-26 23:06 - 2011-12-26 10:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-26 23:02 - 2011-10-03 20:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 08:52 - 2013-08-15 08:52 - 00000000 ____D C:\fee601f68461d80cd9e99d2237bbf9
2013-08-15 08:51 - 2009-07-14 04:04 - 00000499 _____ C:\Windows\win.ini
2013-08-13 20:59 - 2012-10-20 15:24 - 00000000 ___HD C:\Users\Roxy\Desktop\.picasaoriginals
2013-08-11 22:19 - 2013-08-11 22:19 - 00310106 _____ C:\Users\Aygün\Downloads\ahf_009.zip
2013-08-11 22:01 - 2013-08-11 22:01 - 00432912 _____ C:\Users\Aygün\Downloads\ahf_003.zip
2013-08-08 20:41 - 2010-08-09 14:13 - 00000000 ___HD C:\ProgramData\CyberLink
2013-08-08 20:40 - 2013-08-08 20:40 - 00000000 ____D C:\Users\Aygün\Cyberlink
2013-08-08 19:46 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-08 19:36 - 2010-12-24 22:05 - 00000000 ____D C:\Users\Aygün\AppData\Roaming\CyberLink
2013-08-08 19:31 - 2013-08-08 19:31 - 00000000 ___HD C:\Users\Aygün\Documents\PDRMUSIC.TMP
2013-08-08 19:31 - 2011-08-30 14:48 - 00000000 ____D C:\Users\Aygün\Documents\CyberLink
2013-08-08 19:31 - 2010-12-24 22:05 - 00000000 ___HD C:\Users\Public\CyberLink
2013-08-05 22:23 - 2013-08-05 22:23 - 00001442 _____ C:\Users\Aygün\Downloads\BAHN_Fahrplan_20130829.ics

Files to move or delete:
====================
C:\Users\AYGN~1\AppData\Local\Temp\AskSLib.dll
C:\Users\AYGN~1\AppData\Local\Temp\AutoRun.exe
C:\Users\AYGN~1\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\AYGN~1\AppData\Local\Temp\avguidx.dll
C:\Users\AYGN~1\AppData\Local\Temp\CommonInstaller.exe
C:\Users\AYGN~1\AppData\Local\Temp\eauninstall.exe
C:\Users\AYGN~1\AppData\Local\Temp\First15.exe
C:\Users\AYGN~1\AppData\Local\Temp\icqsetup.exe
C:\Users\AYGN~1\AppData\Local\Temp\iGearedHelper.dll
C:\Users\AYGN~1\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\AYGN~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\AYGN~1\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\AYGN~1\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\AYGN~1\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\AYGN~1\AppData\Local\Temp\Quarantine.exe
C:\Users\AYGN~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\AYGN~1\AppData\Local\Temp\stubhelper.dll
C:\Users\AYGN~1\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\AYGN~1\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\AYGN~1\AppData\Local\Temp\uninst1.exe
C:\Users\AYGN~1\AppData\Local\Temp\VP6Install.exe
C:\Users\AYGN~1\AppData\Local\Temp\VP6VFW.dll
C:\Users\AYGN~1\AppData\Local\Temp\~rnsetu0\GEMSETUP\pnrs3260.dll
C:\Users\AYGN~1\AppData\Local\Temp\{A94135E2-A502-4A8B-BEEC-7CD581844F71}\setup.exe
C:\Users\AYGN~1\AppData\Local\Temp\{4E358094-FDE5-4B88-ADCF-F79639F5BFF6}\setup.exe
C:\Users\AYGN~1\AppData\Local\Temp\tmp2013134947\7za.dll
C:\Users\AYGN~1\AppData\Local\Temp\tmp2013134947\MF_setup_1.0.9.41.exe
C:\Users\AYGN~1\AppData\Local\Temp\tmp2013134947\setup.exe
C:\Users\AYGN~1\AppData\Local\Temp\is-DRUKU.tmp\_isetup\_shfoldr.dll
C:\Users\AYGN~1\AppData\Local\Temp\DEEA.dir\InstallFlashPlayer.exe
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\BabMaint.exe
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\BUSolution.dll
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\BUSUninstall.exe
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\ccp.exe
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\ChromeToolbarSetup.dll
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\CrxInstaller.dll
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\GUninstaller.exe
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\IEHelper.dll
C:\Users\AYGN~1\AppData\Local\Temp\779D855D-BAB0-7891-B9D3-231B57239C7B\sqlite3.dll
C:\Users\AYGN~1\AppData\Local\Temp\75496E70-BAB0-7891-8B47-0AF408373093\BUSolForMontiera.dll
C:\Users\AYGN~1\AppData\Local\Temp\75496E70-BAB0-7891-8B47-0AF408373093\ccp.exe
C:\Users\AYGN~1\AppData\Local\Temp\75496E70-BAB0-7891-8B47-0AF408373093\ChromeToolbarSetup.dll
C:\Users\AYGN~1\AppData\Local\Temp\75496E70-BAB0-7891-8B47-0AF408373093\CrxInstaller.dll
C:\Users\AYGN~1\AppData\Local\Temp\75496E70-BAB0-7891-8B47-0AF408373093\GUninstaller.exe
C:\Users\AYGN~1\AppData\Local\Temp\75496E70-BAB0-7891-8B47-0AF408373093\MntrDLLInstall.dll
C:\Users\Leyla\AppData\Local\Temp\AskSLib.dll
C:\Users\Leyla\AppData\Local\Temp\ispA4AB.tmp\_Setup.dll
C:\Users\Leyla\AppData\Local\Temp\isp3B00.tmp\_Setup.dll
C:\Users\Leyla\AppData\Local\Temp\bye5DE7.tmp\Disk1\setup.exe
C:\Users\Leyla\AppData\Local\Temp\bye3C92.tmp\Disk1\setup.exe
C:\Users\Roxy\AppData\Local\Temp\AskSLib.dll
C:\Users\Roxy\AppData\Local\Temp\contentDATs.exe
C:\Users\Roxy\AppData\Local\Temp\SecurityScan_Release.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 00:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2013 03
Ran by Aygün at 2013-09-04 12:34:31
Running from C:\Users\Aygün\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Ashampoo Burning Studio (Version: 9.23.0)
Ashampoo Photo Commander (Version: 8.1.0)
Ashampoo Snap (Version: 3.4.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Avira Free Antivirus (Version: 13.0.0.3885)
CCleaner (Version: 2.29)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Content Transfer (Version: 1.3.0.23190)
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content (Version: 4.0)
CorelDRAW Essentials 4 - Draw (Version: 4.0)
CorelDRAW Essentials 4 - Filters (Version: 4.0)
CorelDRAW Essentials 4 - ICA (Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)
CorelDRAW Essentials 4 - Windows Shell Extension
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1)
CorelDRAW Essentials 4 (Version: 4.0)
CyberLink LabelPrint (Version: 2.5.2602)
CyberLink MediaShow (Version: 5.0.1410a)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021)
CyberLink PhotoNow (Version: 1.1.6904)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDirector (Version: 8.0.2718)
CyberLink PowerDVD 9 (Version: 9.0.2925.52)
CyberLink PowerDVD Copy (Version: 1.5.1306)
CyberLink PowerProducer (Version: 5.0.2.2326)
CyberLink YouCam (Version: 3.0.2626)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Die Sims 2
Domingo 2 Version 2.1.1.
Free YouTube Download version 3.2.8.717 (Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.5.628 (Version: 3.12.5.628)
Google Chrome (HKCU Version: 29.0.1547.62)
H2O-Widget - neue Schätze (Version: 2.1.1)
Haali Media Splitter
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet 6500 E710a-f Hilfe (Version: 140.0.2.2)
HP Update (Version: 5.002.006.003)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
Internet-TV für Windows Media Center (Version: 4.2.2.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8117.416)
KING 2012
Launch Manager (Version: 1.5.1.2)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Medion Home Cinema (Version: 8.0.1505)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MicroWorlds EX (Version: 1.6.1)
MIKSOFT Mobile Media Converter
MiPony 2.0.2 (Version: 2.0.2)
Mozilla Firefox 11.0 (x86 de) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetCologne NetDSL-Installationsdateien entfernen
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Systemsteuerung 311.00 (Version: 311.00)
NWZ-S750 WALKMAN Guide (Version: 2.1.0.17210)
Octoshape Streaming Services
OpenOffice.org 3.3 (Version: 3.3.9567)
PC Connectivity Solution (Version: 8.15.0.0)
Phase 5 HTML-Editor (Version: 5.6.2.3)
Picasa 3 (Version: 3.9)
PlayReady PC Runtime x86 (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver (Version: 6.0.1.6128)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30121)
REALTEK Wireless LAN Driver (Version: 1.00.0148)
RealUpgrade 1.1 (Version: 1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Screenshot Captor 2.88.01
Skype 6.6 (Version: 6.6.106)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Vocup 1.4.3 (Version: 1.4.3)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
WinRAR archiver
X10 Hardware(TM)

==================== Restore Points =========================
08-08-2013 17:10:45 Windows Update
11-08-2013 19:09:21 Windows Update
15-08-2013 06:46:18 Windows Update
26-08-2013 08:18:23 Windows Update
26-08-2013 20:57:02 Windows Update
27-08-2013 08:33:04 Windows Update
27-08-2013 08:35:29 Windows Update
27-08-2013 08:38:25 Windows Update
27-08-2013 08:51:09 Windows Update
30-08-2013 08:59:54 Windows Update
02-09-2013 17:20:04 Windows Update

==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {07775B97-AC3E-450C-A805-8225DA20AA59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1001UA => C:\Users\Aygün\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04] (Google Inc.)
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {2F4E6092-5CBD-40B5-B807-E2C8E576A05B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {2F6DA307-E893-4E54-9A34-341B7ADD6F6E} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {3FBDDA87-F5B7-4499-A174-4148BABCC537} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-132090609-2241821968-963968904-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {48C32584-22C2-41F1-92BD-0ED4B70C2C31} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {4C4B93AD-636A-49DA-9FEE-6651B6BE803D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-132090609-2241821968-963968904-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {804D7A01-4C5D-4278-B714-CC8D8089B105} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-132090609-2241821968-963968904-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {92165A32-9F27-4BA3-A119-2367A851F8D0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-132090609-2241821968-963968904-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {959A829F-7BE1-4973-B93D-38AF512184D8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-132090609-2241821968-963968904-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {9EAD579B-2839-42DD-B130-90797C62FBCD} - System32\Tasks\{4C18FAB8-BAAF-4C0F-AF2D-49694E339628} => c:\users\aygün\appdata\local\google\chrome\application\chrome.exe [2013-08-24] (Google Inc.)
Task: {A31FB7F6-7C3D-446A-BAB7-A29D2D1DEAD0} - System32\Tasks\{EF533E58-6D10-452A-8F74-9B7DB2985EA2} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {A59CC766-93B0-4EBF-921B-B63CD7CB7A0D} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe No File
Task: {A85DD1EA-1D6F-47A4-BCFF-6D19ECD3A8F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1004Core => C:\Users\Roxy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {AFA1AB0D-1E55-4785-AF34-DD1ACA45E402} - System32\Tasks\{912DE783-0638-474F-9092-86ED8EEC911C} => C:\Windows\System32\IPCamera.exe No File
Task: {BB0BDFCA-331E-4C1C-B2DA-CD19C3CD1E43} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {D19D276E-7D24-44BD-BAA5-B2E16ED761B6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-132090609-2241821968-963968904-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {D4472C59-50F3-4698-99F5-38BFC45F5ED3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1004UA => C:\Users\Roxy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {D97980DA-26C7-48FB-9BDF-CCB5D86EA34A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1001Core => C:\Users\Aygün\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04] (Google Inc.)
Task: {EFD42F1A-4D57-437F-9409-BAE1090E958C} - System32\Tasks\{D8AB0833-C1D0-4126-A77D-F931DCC19DD5} => c:\program files\mozilla firefox\firefox.exe [2012-03-19] (Mozilla Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1001Core.job => C:\Users\Aygün\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1001UA.job => C:\Users\Aygün\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1004Core.job => C:\Users\Roxy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132090609-2241821968-963968904-1004UA.job => C:\Users\Roxy\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2013-03-11 18:22 - 2013-03-11 18:22 - 00201576 _____ (NVIDIA Corporation) c:\windows\system32\nvinit.dll
2010-08-09 06:37 - 2012-01-10 21:55 - 07988224 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
2010-07-06 23:35 - 2008-10-15 15:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\D3Dx10_40.dll
2012-05-29 10:25 - 2012-05-29 10:25 - 00028160 _____ (RealNetworks, Inc.) C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2010-10-29 16:55 - 2004-09-08 19:51 - 00121344 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-04-13 21:18 - 2013-01-10 23:09 - 00848160 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2013-03-11 18:22 - 2013-03-11 18:22 - 02504096 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2013-04-13 21:18 - 2013-01-10 23:10 - 00055072 _____ (NVIDIA Corporation) C:\Windows\system32\Nv3DAppShExtR.dll
2011-06-23 20:48 - 2010-11-20 14:18 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2010-08-09 06:37 - 2012-01-10 21:15 - 00057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2012-01-10 21:17 - 2012-01-10 21:17 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-06-23 20:47 - 2010-11-20 14:20 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SPPC.DLL
2010-08-09 14:53 - 2010-06-02 16:42 - 00141928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM\RtkCfg.dll
2010-08-09 14:53 - 2010-06-02 16:42 - 03583080 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2010-08-04 08:49 - 2009-12-10 19:23 - 00173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-08-04 08:49 - 2009-12-10 19:23 - 00161064 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2010-04-27 09:33 - 2010-04-27 09:33 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2010-08-09 15:24 - 2009-10-23 01:58 - 00211232 _____ (Wistron Corp.) C:\Program Files\Launch Manager\KBHOOK.dll
2010-08-09 06:37 - 2012-01-10 21:14 - 00096256 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2012-01-10 21:14 - 2012-01-10 21:14 - 09030656 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2011-06-23 20:47 - 2010-11-20 14:08 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2013-05-14 22:01 - 2011-03-23 15:28 - 00407552 _____ (Octoshape ApS) C:\Users\Aygün\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-libOctoshapeClient.dll
2013-09-03 16:09 - 2013-08-24 19:48 - 47099856 _____ (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\chrome.dll
2013-09-03 16:09 - 2013-08-24 19:48 - 09962960 _____ (The ICU Project) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\icudt.dll
2010-08-09 06:37 - 2012-01-10 22:12 - 00581120 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
2010-08-09 06:37 - 2012-01-10 22:18 - 06323712 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
2013-09-03 16:09 - 2013-08-24 18:07 - 03231688 _____ (Microsoft Corporation) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\D3DCompiler_46.dll
2013-09-03 16:09 - 2013-08-24 19:49 - 00709584 _____ () C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
2013-09-03 16:09 - 2013-08-24 19:49 - 00099792 _____ () C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\libegl.dll
2013-09-03 16:09 - 2013-08-24 19:49 - 04053456 _____ () C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll
2013-09-03 16:09 - 2013-08-24 19:49 - 00410576 _____ () C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
2013-09-03 16:09 - 2013-08-24 19:49 - 02110928 _____ (Google Inc.) C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\libpeerconnection.dll
2013-09-03 16:09 - 2013-08-24 19:48 - 01604560 _____ () C:\Users\Aygün\AppData\Local\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) ==========
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2013 09:38:08 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden. Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. ], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet. ].
Vorgang: Asynchroner Vorgang wird ausgeführt
Kontext: Aktueller Status: DoSnapshotSet

Error: (09/04/2013 09:38:07 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten. Fehlerkontext: DeviceIoControl(\\?\Volume{ff8fe6d5-e2f2-11df-b89e-806e6f6e6963} - 00000064,0x0053c010,0062BDB0,0,0062ADA8,4096,[0]).
Vorgang: Schattenkopien werden übertragen
Kontext: Ausführungskontext: System Provider

Error: (09/03/2013 08:34:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 14.0.6009.1000, Zeitstempel: 0x4cc1a4ed
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00610069
ID des fehlerhaften Prozesses: 0x10b8
Startzeit der fehlerhaften Anwendung: 0xPOWERPNT.EXE0
Pfad der fehlerhaften Anwendung: POWERPNT.EXE1
Pfad des fehlerhaften Moduls: POWERPNT.EXE2
Berichtskennung: POWERPNT.EXE3

Error: (09/03/2013 02:12:18 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden. Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. ], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet. ].
Vorgang: Asynchroner Vorgang wird ausgeführt
Kontext: Aktueller Status: DoSnapshotSet

Error: (09/03/2013 02:12:18 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten. Fehlerkontext: DeviceIoControl(\\?\Volume{ff8fe6d5-e2f2-11df-b89e-806e6f6e6963} - 00000124,0x0053c010,009BADA8,0,009BBDB0,4096,[0]).
Vorgang: Schattenkopien werden übertragen
Kontext: Ausführungskontext: System Provider

Error: (09/03/2013 01:51:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: eXQ.exe, Version: 1.0.2.2628, Zeitstempel: 0x52259b74
Name des fehlerhaften Moduls: nvinit.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50ef1be5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x754bce59
ID des fehlerhaften Prozesses: 0xf28
Startzeit der fehlerhaften Anwendung: 0xeXQ.exe0
Pfad der fehlerhaften Anwendung: eXQ.exe1
Pfad des fehlerhaften Moduls: eXQ.exe2
Berichtskennung: eXQ.exe3

Error: (08/28/2013 05:10:56 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (08/28/2013 05:10:55 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (08/28/2013 05:10:54 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (08/28/2013 05:10:54 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

System errors:
=============
Error: (09/04/2013 00:45:04 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/04/2013 00:41:11 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error: (09/03/2013 06:14:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/03/2013 06:14:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (09/03/2013 04:02:52 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/30/2013 10:50:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft-Netzwerkinspektion" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/30/2013 10:50:49 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft-Netzwerkinspektion erreicht.

Error: (08/28/2013 09:30:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/28/2013 09:30:10 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (08/28/2013 09:30:09 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= Error: (09/04/2013 09:38:08 AM) (Source: VSS)(User: ) Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet. 0x00000000, Der Vorgang wurde erfolgreich beendet. 0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. 0x00000000, Der Vorgang wurde erfolgreich beendet. Vorgang: Asynchroner Vorgang wird ausgeführt Kontext: Aktueller Status: DoSnapshotSet Error: (09/04/2013 09:38:07 AM) (Source: VSS)(User: ) Description: DeviceIoControl(\\?\Volume{ff8fe6d5-e2f2-11df-b89e-806e6f6e6963} - 00000064,0x0053c010,0062BDB0,0,0062ADA8,4096,[0]) Vorgang: Schattenkopien werden übertragen Kontext: Ausführungskontext: System Provider Error: (09/03/2013 08:34:59 PM) (Source: Application Error)(User: ) Description: POWERPNT.EXE14.0.6009.10004cc1a4edunknown0.0.0.000000000c00000050061006910b801cea8d449d08ae4C:\PROGRA~1\MICROS~2\Office14\POWERPNT.EXEunknown88fc2c97-14c7-11e3-8cfc-00262dc1d71f Error: (09/03/2013 02:12:18 PM) (Source: VSS)(User: ) Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet. 0x00000000, Der Vorgang wurde erfolgreich beendet. 0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. 
Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. 0x00000000, Der Vorgang wurde erfolgreich beendet. Vorgang: Asynchroner Vorgang wird ausgeführt Kontext: Aktueller Status: DoSnapshotSet Error: (09/03/2013 02:12:18 PM) (Source: VSS)(User: ) Description: DeviceIoControl(\\?\Volume{ff8fe6d5-e2f2-11df-b89e-806e6f6e6963} - 00000124,0x0053c010,009BADA8,0,009BBDB0,4096,[0]) Vorgang: Schattenkopien werden übertragen Kontext: Ausführungskontext: System Provider Error: (09/03/2013 01:51:59 PM) (Source: Application Error)(User: ) Description: eXQ.exe1.0.2.262852259b74nvinit.dll_unloaded0.0.0.050ef1be5c0000005754bce59f2801cea89bec671907C:\Users\AYGN~1\AppData\Local\Temp\eIntaller\60196A172F144803B2B6F24B25D514F2\eXQ.exenvinit.dll3d22ac51-148f-11e3-8256-00262dc1d71f Error: (08/28/2013 05:10:56 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Error: (08/28/2013 05:10:55 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Error: (08/28/2013 05:10:54 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . 
Error code = 0x80131f06 System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error: (08/28/2013 05:10:54 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 3253.42 MB Available physical RAM: 1857.05 MB Total Pagefile: 6505.13 MB Available Pagefile: 4741.77 MB Total Virtual: 2047.88 MB Available Virtual: 1911.8 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:503.53 GB) NTFS Drive d: (Recover) (Fixed) (Total:30 GB) (Free:9.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=565 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-04 13:18:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\AYGN~1\AppData\Local\Temp\uwtdypod.sys

---- System - GMER 2.1 ----

SSDT 919B0076 ZwCreateSection
SSDT 919B0080 ZwRequestWaitReplyPort
SSDT 919B007B ZwSetContextThread
SSDT 919B0085 ZwSetSecurityObject
SSDT 919B008A ZwSystemDebugControl
SSDT 919B0017 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E88A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC2212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC958C 4 Bytes [76, 00, 9B, 91] {JBE 0x2; WAIT ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EC98E8 4 Bytes [80, 00, 9B, 91] {ADD BYTE [EAX], 0x9b; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EC992C 4 Bytes [7B, 00, 9B, 91] {JNP 0x2; WAIT ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EC99A8 4 Bytes [85, 00, 9B, 91] {TEST [EAX], EAX; WAIT ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EC99FC 4 Bytes [8A, 00, 9B, 91] {MOV AL, [EAX]; WAIT ; XCHG ECX, EAX}
.text ...
---- User code sections - GMER 2.1 ----

.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtCreateFile + 6 778A560E 4 Bytes [28, 84, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtCreateFile + B 778A5613 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtMapViewOfSection + 6 778A5C6E 4 Bytes [28, 87, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtMapViewOfSection + B 778A5C73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenFile + 6 778A5D1E 4 Bytes [68, 84, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenFile + B 778A5D23 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenProcess + 6 778A5DCE 4 Bytes [A8, 85, 08, 01] {TEST AL, 0x85; OR [ECX], AL}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenProcess + B 778A5DD3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenProcessToken + B 778A5DE3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenProcessTokenEx + 6 778A5DEE 4 Bytes [A8, 86, 08, 01] {TEST AL, 0x86; OR [ECX], AL}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenProcessTokenEx + B 778A5DF3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenThread + 6 778A5E4E 4 Bytes [68, 85, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenThread + B 778A5E53 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenThreadToken + 6 778A5E5E 4 Bytes [68, 86, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenThreadToken + B 778A5E63 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtOpenThreadTokenEx + B 778A5E73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtQueryAttributesFile + 6 778A5F7E 4 Bytes [A8, 84, 08, 01] {TEST AL, 0x84; OR [ECX], AL}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtQueryAttributesFile + B 778A5F83 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtQueryFullAttributesFile + B 778A6033 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtSetInformationFile + 6 778A667E 4 Bytes [28, 85, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtSetInformationFile + B 778A6683 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtSetInformationThread + 6 778A66DE 4 Bytes [28, 86, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtSetInformationThread + B 778A66E3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtUnmapViewOfSection + 6 778A69FE 4 Bytes [68, 87, 08, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2532] ntdll.dll!NtUnmapViewOfSection + B 778A6A03 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + 6 778A560E 4 Bytes [28, 74, 52, 00] {SUB [EDX+EDX*2+0x0], DH}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + B 778A5613 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + 6 778A5C6E 4 Bytes [28, 77, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + B 778A5C73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + 6 778A5D1E 4 Bytes [68, 74, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + B 778A5D23 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + 6 778A5DCE 4 Bytes [A8, 75, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + B 778A5DD3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + 6 778A5DDE 4 Bytes CALL 768AB058 C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + B 778A5DE3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + 6 778A5DEE 4 Bytes [A8, 76, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + B 778A5DF3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + 6 778A5E4E 4 Bytes [68, 75, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + B 778A5E53 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + 6 778A5E5E 4 Bytes [68, 76, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + B 778A5E63 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + 6 778A5E6E 4 Bytes CALL 768AB0E9 C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + B 778A5E73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + 6 778A5F7E 4 Bytes [A8, 74, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + B 778A5F83 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + 6 778A602E 4 Bytes CALL 768AB2A7 C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + B 778A6033 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + 6 778A667E 4 Bytes [28, 75, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + B 778A6683 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + 6 778A66DE 4 Bytes [28, 76, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + B 778A66E3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + 6 778A69FE 4 Bytes [68, 77, 52, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + B 778A6A03 1 Byte [E2]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3176] kernel32.dll!SetUnhandledExceptionFilter 7606F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtCreateFile + 6 778A560E 4 Bytes [28, 28, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtCreateFile + B 778A5613 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtMapViewOfSection + 6 778A5C6E 4 Bytes [28, 2B, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtMapViewOfSection + B 778A5C73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenFile + 6 778A5D1E 4 Bytes [68, 28, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenFile + B 778A5D23 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcess + 6 778A5DCE 4 Bytes [A8, 29, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcess + B 778A5DD3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessToken + 6 778A5DDE 4 Bytes CALL 768A950C C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessToken + B 778A5DE3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessTokenEx + 6 778A5DEE 4 Bytes [A8, 2A, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessTokenEx + B 778A5DF3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThread + 6 778A5E4E 4 Bytes [68, 29, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThread + B 778A5E53 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadToken + 6 778A5E5E 4 Bytes [68, 2A, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadToken + B 778A5E63 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadTokenEx + 6 778A5E6E 4 Bytes CALL 768A959D C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadTokenEx + B 778A5E73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryAttributesFile + 6 778A5F7E 4 Bytes [A8, 28, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryAttributesFile + B 778A5F83 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryFullAttributesFile + 6 778A602E 4 Bytes CALL 768A975B C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryFullAttributesFile + B 778A6033 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationFile + 6 778A667E 4 Bytes [28, 29, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationFile + B 778A6683 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationThread + 6 778A66DE 4 Bytes [28, 2A, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationThread + B 778A66E3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6 778A69FE 4 Bytes [68, 2B, 37, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtUnmapViewOfSection + B 778A6A03 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + 6 778A560E 4 Bytes [28, 0C, 04, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + B 778A5613 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + 6 778A5C6E 4 Bytes [28, 0F, 04, 01] {SUB [EDI], CL; ADD AL, 0x1}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + B 778A5C73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + 6 778A5D1E 4 Bytes [68, 0C, 04, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + B 778A5D23 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + 6 778A5DCE 4 Bytes [A8, 0D, 04, 01] {TEST AL, 0xd; ADD AL, 0x1}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + B 778A5DD3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + B 778A5DE3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + 6 778A5DEE 4 Bytes [A8, 0E, 04, 01] {TEST AL, 0xe; ADD AL, 0x1}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + B 778A5DF3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + 6 778A5E4E 4 Bytes [68, 0D, 04, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + B 778A5E53 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + 6 778A5E5E 4 Bytes [68, 0E, 04, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + B 778A5E63 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + B 778A5E73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + 6 778A5F7E 4 Bytes [A8, 0C, 04, 01] {TEST AL, 0xc; ADD AL, 0x1}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + B 778A5F83 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + B 778A6033 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + 6 778A667E 4 Bytes [28, 0D, 04, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + B 778A6683 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + 6 778A66DE 4 Bytes [28, 0E, 04, 01] {SUB [ESI], CL; ADD AL, 0x1}
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + B 778A66E3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + 6 778A69FE 4 Bytes [68, 0F, 04, 01]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + B 778A6A03 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile + 6 778A560E 4 Bytes [28, 88, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile + B 778A5613 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtMapViewOfSection + 6 778A5C6E 4 Bytes [28, 8B, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtMapViewOfSection + B 778A5C73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenFile + 6 778A5D1E 4 Bytes [68, 88, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenFile + B 778A5D23 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcess + 6 778A5DCE 4 Bytes [A8, 89, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcess + B 778A5DD3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessToken + 6 778A5DDE 4 Bytes CALL 768AC46C C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessToken + B 778A5DE3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessTokenEx + 6 778A5DEE 4 Bytes [A8, 8A, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessTokenEx + B 778A5DF3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThread + 6 778A5E4E 4 Bytes [68, 89, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThread + B 778A5E53 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadToken + 6 778A5E5E 4 Bytes [68, 8A, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadToken + B 778A5E63 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadTokenEx + 6 778A5E6E 4 Bytes CALL 768AC4FD C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadTokenEx + B 778A5E73 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryAttributesFile + 6 778A5F7E 4 Bytes [A8, 88, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryAttributesFile + B 778A5F83 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryFullAttributesFile + 6 778A602E 4 Bytes CALL 768AC6BB C:\Windows\system32\SHELL32.dll
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryFullAttributesFile + B 778A6033 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationFile + 6 778A667E 4 Bytes [28, 89, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationFile + B 778A6683 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationThread + 6 778A66DE 4 Bytes [28, 8A, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationThread + B 778A66E3 1 Byte [E2]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtUnmapViewOfSection + 6 778A69FE 4 Bytes [68, 8B, 66, 00]
.text C:\Users\Aygün\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtUnmapViewOfSection + B 778A6A03 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Aygün at 22:33:04 on 2013-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3253.2093 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Aygün\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Aygün\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\aygün\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Octoshape Streaming Services] "c:\users\aygün\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [LMgrVolOSD] "c:\program files\launch manager\OSD.exe"
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\aygün\appdata\roaming\microsoft\windows\start menu\programs\startup\debug.log
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Mit Mipony herunterladen - c:\program files\mipony\browser\IEContext.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\nvinit.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aygün\appdata\roaming\mozilla\firefox\profiles\nqtrplsz.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2013-3-11 25376]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-6-5 37352]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2013-6-5 84024]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2013-6-5 108088]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-6-5 84744]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-3 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-3 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 107392]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-9 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-9 246272]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-8-4 67624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-3 22856]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-4-27 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-4-27 146568]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1009184]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2010-8-14 13720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-8-9 13336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-30 36608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-15 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-9 193056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-15 49664]
.
=============== Created Last 30 ================
.
2013-09-03 20:33:08 -------- d-----w- c:\users\ayg³n\appdata\local\Microsoft 2013-09-03 16:24:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-03 16:24:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-03 15:48:33 -------- d-----w- C:\AdwCleaner 2013-09-02 17:21:14 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2a193566-2167-4c02-89e5-9f32b26acd28}\mpengine.dll 2013-09-01 14:37:55 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-08-26 08:28:09 697992 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{587df147-2dcf-4ec8-8bf3-edae90b3fa5f}\gapaengine.dll 2013-08-15 06:52:00 -------- d-----w- C:\fee601f68461d80cd9e99d2237bbf9 2013-08-14 08:42:04 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-08-14 08:41:38 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 08:41:37 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 08:41:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 08:41:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 08:41:30 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 08:41:29 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-14 08:41:28 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 08:41:26 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 08:41:25 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-14 08:41:14 2048 ----a-w- c:\windows\system32\tzres.dll 2013-08-14 08:41:09 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-08 18:40:55 -------- d-----w- c:\users\aygün\Cyberlink 2013-08-08 17:11:14 -------- d-----w- c:\windows\system32\MRT . ==================== Find3M ==================== . 
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-02 20:18:47 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-02 20:18:42 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-02 20:18:42 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-25 08:35:48 67168 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-18 19:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-17 14:36:52 952 --sha-w- c:\programdata\KGyGaAvL.sys
.
============= FINISH: 22:36:56,90 ===============

Many, many thanks in advance for the help!!!!